General

  • Target: 1278.zip
  • Size: 8.8MB
  • Sample: 220701-j7t6dsbegq
  • MD5: c8d1057de6cd36d2a6243295cfbadc62
  • SHA1: aa3386ae82e3266291c334492d5b2fae7f8aee46
  • SHA256: b8749ac28143dabcfb7ce189d505859fe74d33a55618e76972fba4ebdc50435e
  • SHA512: 96a2b4a005856c93877ee099539c37304b20b492761e64a3533f790b8dc0ce88e6a0bbca1597d073414016be155d73eac4e40f03b4adc7d1e0c09a9d54d0a032

Malware Config

Targets

    • Target: bp6i681627o3978tmwuggg
    • Size: 884KB
    • MD5: 4685811c853ceaebc991c3a8406694bf
    • SHA1: 9cd382eb91bfea5782dd09f589a31b47c2c2b53e
    • SHA256: 3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4
    • SHA512: a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46
    • Score: 1/10

    • Target: pwkxmpqtpc.vjr
    • Size: 14.8MB
    • MD5: 92efc14aa81e78a75d0ec57cb5807c5d
    • SHA1: c1301afc869509bc6b71a19edfeb8e82776b8bc0
    • SHA256: 817e0007386c685b1ca38fd9957310e9e34e30c664f6da65a9b5943009af8087
    • SHA512: 75a36405df5928a8a4dad148b184e573ee0c3f7c0c9cf1571b8f6222872323f015b6bca07d3134c32b87a6efde3c2b0a9b75897273887b0dd9fef5ce4b2928fa

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    • T1497 Virtualization/Sandbox Evasion (1)

  • Discovery
    • T1012 Query Registry (2)
    • T1497 Virtualization/Sandbox Evasion (1)
    • T1082 System Information Discovery (2)

Tasks