b8931e787497efcd1306a1b86529f1d930084650fd6c38fd7051bc167b02e6fb

General
Target

b8931e787497efcd1306a1b86529f1d930084650fd6c38fd7051bc167b02e6fb

Size

1MB

Sample

220119-sr8hhsbag7

Score
10 /10
MD5

600c20e18834769dc0ae528c69108a5d

SHA1

743b942a951d381c0e3efc1fac3e2f09740769c2

SHA256

b8931e787497efcd1306a1b86529f1d930084650fd6c38fd7051bc167b02e6fb

SHA512

36079c25f17ce81de7ebe8b3225421191ba73c1f7a9cf049c7bbc818f8b2b5c157e279dc8e2aeb3d5addb93e233768792ad52a2e75218d55ddfeaf46e30e20ec

Malware Config
Targets
Target

b8931e787497efcd1306a1b86529f1d930084650fd6c38fd7051bc167b02e6fb

MD5

600c20e18834769dc0ae528c69108a5d

Filesize

1MB

Score
10/10
SHA1

743b942a951d381c0e3efc1fac3e2f09740769c2

SHA256

b8931e787497efcd1306a1b86529f1d930084650fd6c38fd7051bc167b02e6fb

SHA512

36079c25f17ce81de7ebe8b3225421191ba73c1f7a9cf049c7bbc818f8b2b5c157e279dc8e2aeb3d5addb93e233768792ad52a2e75218d55ddfeaf46e30e20ec

Tags

Signatures

  • Modifies Windows Defender Real-time Protection settings

    Tags

    TTPs

    Modify RegistryModify Existing ServiceDisabling Security Tools

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion

  • Downloads MZ/PE file

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery

  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    7/10

                    behavioral1

                    10/10