General

  • Target

    a23d677c9e5176d2e98b2dae2c72842a854f4cfab658c38b29ef883831287934

  • Size

    8.5MB

  • Sample

    220620-jm45vsdca3

  • MD5

    cb6d01a3c203ffacb7b1c3323c1a4b72

  • SHA1

    cd5206f91222a0ff5c6eacfaea1443fa1f737de4

  • SHA256

    a23d677c9e5176d2e98b2dae2c72842a854f4cfab658c38b29ef883831287934

  • SHA512

    7b3dda8c98eb1ecb048718d244faf0a9a9c1a53b97bee073ab5204f284dcb41120939898178bc6c289b0a55ddbedd6b4ed49fac7cceb46e76891e1674587a3f0

Malware Config

Targets

    • Target

      bzskttaekj.yam

    • Size

      7.9MB

    • MD5

      881b9fa1d9acef99650ff4e7d5cb5a7a

    • SHA1

      571b56aabc740ce334c1b5f68909fc1fba1e6877

    • SHA256

      7396a9044c686124956620492341842b2c4a1eb722273cd07c7b5e40d0f9bc1d

    • SHA512

      7d736e79b8c8c033584844b998e7ad80dc22a25458ef18c476c4eb688f1d096960912cea39fa3e7e8c287c372922cbfb428c8622c99a3ea608ed3fa94f5c45ed

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      e88ko0d78vu956w795ggg

    • Size

      884KB

    • MD5

      4685811c853ceaebc991c3a8406694bf

    • SHA1

      9cd382eb91bfea5782dd09f589a31b47c2c2b53e

    • SHA256

      3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4

    • SHA512

      a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46

    • Score

      1/10
    • Target

      libeay32.dll

    • Size

      482KB

    • MD5

      c2703965b8ba0ecf8c5d8a043976facc

    • SHA1

      c578c694d4fe5c15acc3b7aa60e9874d0ded3d54

    • SHA256

      e28e34fbdaff077669586dcdb4e10f0ba2ca6c9973ed4d372a5c3ec3b8ad20e7

    • SHA512

      cb729665206594928a90b29e5c7592120345e92a605122ec6aea564250c4d5d48e1d39c8803820eccde7920aa4d9af99fb3748671de076476d833710b9491d61

    • Score

      1/10
    • Target

      ssleay32.dll

    • Size

      106KB

    • MD5

      931c97553b3319f21b9ef249aa3cd244

    • SHA1

      42c6611da2154bb6e0911993cf97071908b48bf2

    • SHA256

      7e643c188a1ee3b0251b7dfcab000b7c48fd840eff35189e8a45901852e3910a

    • SHA512

      790141b758aa68c6384aaf6f85b09f9bc641a300a4e7fa05a74c3f89af090fbbfdcfe3dce24842a8d0c75b874839d505692c1951ed66f57e9840c559820514d3

    • Score

      8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497): 1

  • Discovery

    Query Registry (T1012): 2

    Virtualization/Sandbox Evasion (T1497): 1

    System Information Discovery (T1082): 2

Tasks