0672f13398e67c43c7157c82ebc12bab.exe

General
Target

0672f13398e67c43c7157c82ebc12bab.exe

Size

1MB

Sample

220120-x4dk5abcd6

Score
10 /10
MD5

0672f13398e67c43c7157c82ebc12bab

SHA1

7d0f4d5a05767f7ef534d7b05c72d5498918597d

SHA256

93d7032a2106ff7bfe17dd46bf426aea166fdb883b37f377e2818f1882e494b1

SHA512

3be366a7b80fc25a4569fef8361174b391b3fa01f9eed4039094a083ce9dc69a265b5041c9da2b9fd736cfd2af540ca0c51a5e70a3bbdb0fce2a076eefb57a5a

Malware Config
Targets
Target

0672f13398e67c43c7157c82ebc12bab.exe

MD5

0672f13398e67c43c7157c82ebc12bab

Filesize

1MB

Score
10/10
SHA1

7d0f4d5a05767f7ef534d7b05c72d5498918597d

SHA256

93d7032a2106ff7bfe17dd46bf426aea166fdb883b37f377e2818f1882e494b1

SHA512

3be366a7b80fc25a4569fef8361174b391b3fa01f9eed4039094a083ce9dc69a265b5041c9da2b9fd736cfd2af540ca0c51a5e70a3bbdb0fce2a076eefb57a5a

Tags

Signatures

  • Modifies Windows Defender Real-time Protection settings

    Tags

    TTPs

    Modify RegistryModify Existing ServiceDisabling Security Tools
  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery
  • Loads dropped DLL

  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    7/10