General

  • Target: 6327fb3da7680c014e9910fa8d1c012dbc677a2aa487c3ac996079408be7d10b.zip
  • Size: 8.6MB
  • Sample: 220701-kbamjsddc4
  • MD5: 5122a4caaaff263db96e70c6a8925746
  • SHA1: 561b3ab5fb171a545f8340782232ab8e44ef75ce
  • SHA256: 6327fb3da7680c014e9910fa8d1c012dbc677a2aa487c3ac996079408be7d10b
  • SHA512: 9a62bfc0014604b6db12b65fe37bf8904801fb4822f72e228df78de84a9a2ac2e5d5c8da225b00c20eb96500387bede407d27879efde02678d1c4349c02b7b22

Malware Config

Targets

    • Target: d939n2z05etw2y8zec
    • Size: 884KB
    • MD5: 4685811c853ceaebc991c3a8406694bf
    • SHA1: 9cd382eb91bfea5782dd09f589a31b47c2c2b53e
    • SHA256: 3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4
    • SHA512: a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46
    • Score: 1/10

    • Target: fbo3xfp9z41vwe0tzc0jd
    • Size: 8.5MB
    • MD5: ceb7d86b25278e2d828955a398de923c
    • SHA1: 21bf41eb81548d5e97ca6e8780f669eb00860d28
    • SHA256: f1f0291aed00e8a997b0e8812f4757abdbd9ba85fd5e98f212b183c9f9c0e849
    • SHA512: 7147a8d8d91319b0f1f82043441efe0b2ec4f55fa6ed3cce22851a43f0a3b0a434e41bf5c53b2cd8bbb089bff88c7269d9d1faa2a023308296a5076dd6441274

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion
    • Virtualization/Sandbox Evasion (T1497): 1

Discovery
    • Query Registry (T1012): 2
    • Virtualization/Sandbox Evasion (T1497): 1
    • System Information Discovery (T1082): 2

Tasks