e718fda21871d54c4bade2114a35411b639bee1afe21ef5c5c9a608e72337a9d

General
Target

e718fda21871d54c4bade2114a35411b639bee1afe21ef5c5c9a608e72337a9d

Size

3MB

Sample

220120-v264jsahb5

Score
9 /10
MD5

6f5482d58efd050682c76ca5fc818b66

SHA1

032d2dbc7eed43849a28da095fd4940a370a4620

SHA256

e718fda21871d54c4bade2114a35411b639bee1afe21ef5c5c9a608e72337a9d

SHA512

1c8d8d78c841ab2feff17de48359493b24f64d40dc45b4cc2c4f3daf919fd6d197eba3e65c4881eef47e6037aa19b8389f92dd4d2f189e2510dc9394af4bd790

Malware Config
Targets
Target

e718fda21871d54c4bade2114a35411b639bee1afe21ef5c5c9a608e72337a9d

MD5

6f5482d58efd050682c76ca5fc818b66

Filesize

3MB

Score
9/10
SHA1

032d2dbc7eed43849a28da095fd4940a370a4620

SHA256

e718fda21871d54c4bade2114a35411b639bee1afe21ef5c5c9a608e72337a9d

SHA512

1c8d8d78c841ab2feff17de48359493b24f64d40dc45b4cc2c4f3daf919fd6d197eba3e65c4881eef47e6037aa19b8389f92dd4d2f189e2510dc9394af4bd790

Tags

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Executes dropped EXE

  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery
  • Drops startup file

  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      7/10

                      behavioral1

                      9/10