60993129337e1a1f07964c4a34bee86292cd508e7a02d49ba1ca119fd02203f8

General

Target: 60993129337e1a1f07964c4a34bee86292cd508e7a02d49ba1ca119fd02203f8
Size: 3MB
Sample: 220120-j8a4xahaam
Score: 9/10
MD5: aa7e600161d7614b3e08d40494f2d4bc
SHA1: 9d3780e0e0d6413711b2440cf6da6ce7cf79e1f2
SHA256: 60993129337e1a1f07964c4a34bee86292cd508e7a02d49ba1ca119fd02203f8
SHA512: b3b14ac946177913539f36f4a1e137d59d82e596b91bcbbd1329405080ae181ae804423ba88087012405525db2665a93fc569a237884840c8e8854a5b61b524f

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry; Virtualization/Sandbox Evasion
  • Executes dropped EXE
  • Sets service image path in registry
    TTPs: Registry Run Keys / Startup Folder; Modify Registry
  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry; System Information Discovery
  • Drops startup file
  • Themida packer
    Description: Detects Themida, an advanced Windows software protection system.
  • Checks whether UAC is enabled
    TTPs: System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

Tasks

static1: 7/10