1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
General
Target
Size
Sample
1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
3MB
220116-v2zz8sfge3
Score
9 /10
MD5
SHA1
SHA256
SHA512
8ddcc8ad6802a33161e5364090d0ba1b
a66c8944d6e03c9b310777d805fe81e0cfadb86d
1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
102932bce97e585c0dc895187407989b05ca599c31e8b48b20e26ac95ae47e37677f9a0cf625263a21bde9b5cab4abd5badcb39e72a249727a161524e8da322a
Malware Config
Targets
Target
MD5
Filesize
1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
8ddcc8ad6802a33161e5364090d0ba1b
3MB
Score
9/10
SHA1
SHA256
SHA512
a66c8944d6e03c9b310777d805fe81e0cfadb86d
1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
102932bce97e585c0dc895187407989b05ca599c31e8b48b20e26ac95ae47e37677f9a0cf625263a21bde9b5cab4abd5badcb39e72a249727a161524e8da322a
Tags
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
Description
BIOS information is often read in order to detect sandboxing environments.
TTPs
-
Drops startup file
-
Themida packer
Description
Detects Themida, an advanced Windows software protection system.
Tags
-
Checks whether UAC is enabled
Tags
TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks