63e38dc331cd8b202d9109dd5b0e08162673c0661344a06252811d066548c31b

General

Target: 63e38dc331cd8b202d9109dd5b0e08162673c0661344a06252811d066548c31b
Size: 1MB
Sample: 220117-tgjl3sbad3
Score: 10/10
MD5: acabd1f99b9e449d951dea975e1f1ad5
SHA1: ef545ca153737d6246be2cd3de1b26fb92241327
SHA256: 63e38dc331cd8b202d9109dd5b0e08162673c0661344a06252811d066548c31b
SHA512: e92d6a0f11d2d96267682eed231e8f5580e32df705bc6c0eeb0b6f7fbbe7c56c67267c8e1994c55bb724343e904137808e1fc9636750d2730aa42b3bf217abd1

Malware Config

Targets

Target: 63e38dc331cd8b202d9109dd5b0e08162673c0661344a06252811d066548c31b
MD5: acabd1f99b9e449d951dea975e1f1ad5
Filesize: 1MB
Score: 10/10
SHA1: ef545ca153737d6246be2cd3de1b26fb92241327
SHA256: 63e38dc331cd8b202d9109dd5b0e08162673c0661344a06252811d066548c31b
SHA512: e92d6a0f11d2d96267682eed231e8f5580e32df705bc6c0eeb0b6f7fbbe7c56c67267c8e1994c55bb724343e904137808e1fc9636750d2730aa42b3bf217abd1

Signatures

  • Modifies Windows Defender Real-time Protection settings
    TTPs: Modify Registry, Modify Existing Service, Disabling Security Tools
  • Suspicious use of NtCreateProcessExOtherParentProcess
  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry, Virtualization/Sandbox Evasion
  • Downloads MZ/PE file
  • Executes dropped EXE
  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.
  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry, System Information Discovery
  • Themida packer
    Description: Detects Themida, an advanced Windows software protection system.
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry
  • Checks whether UAC is enabled
    TTPs: System Information Discovery
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1: 7/10