Activate__Full__Setup.exe

General

Target: Activate__Full__Setup.exe
Size: 2MB
Sample: 220119-tr9w1sbdh8
Score: 10/10
MD5: 1e07343c234d91c56b9dd6618fe2707e
SHA1: f6d0f9b4543897d9cc5fa6cf98003b74cdf5c237
SHA256: 32d3346ff0178589981d808bfd950b5867e6245bd659d27341269af83785bd6e
SHA512: a8ecc970e83fada0bff522321376987e28224f57782deabb69c986be6f7caa9c0f9e7c85d6350ac7236f1a7c6b2e1d44230f9a92a59770793c5b2fb3df52de9b

Signatures

  • evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry; Virtualization/Sandbox Evasion

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry; System Information Discovery

  • Drops startup file

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Themida packer
    Description: Detects Themida, an advanced Windows software protection system.

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Checks whether UAC is enabled
    TTPs: System Information Discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1: 7/10
  • behavioral1: 10/10
  • behavioral3: 1/10