General

  • Target

    fbo3xfp9z41vwe0tzc0jd

  • Size

    8MB

  • Sample

    220701-kbaybabgem

  • MD5

    ceb7d86b25278e2d828955a398de923c

  • SHA1

    21bf41eb81548d5e97ca6e8780f669eb00860d28

  • SHA256

    f1f0291aed00e8a997b0e8812f4757abdbd9ba85fd5e98f212b183c9f9c0e849

  • SHA512

    7147a8d8d91319b0f1f82043441efe0b2ec4f55fa6ed3cce22851a43f0a3b0a434e41bf5c53b2cd8bbb089bff88c7269d9d1faa2a023308296a5076dd6441274

Malware Config

Targets

    • Target

      fbo3xfp9z41vwe0tzc0jd

    • Size

      8MB

    • MD5

      ceb7d86b25278e2d828955a398de923c

    • SHA1

      21bf41eb81548d5e97ca6e8780f669eb00860d28

    • SHA256

      f1f0291aed00e8a997b0e8812f4757abdbd9ba85fd5e98f212b183c9f9c0e849

    • SHA512

      7147a8d8d91319b0f1f82043441efe0b2ec4f55fa6ed3cce22851a43f0a3b0a434e41bf5c53b2cd8bbb089bff88c7269d9d1faa2a023308296a5076dd6441274

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Virtualization/Sandbox Evasion: T1497 (1)

  • Discovery

    Query Registry: T1012 (2)

    Virtualization/Sandbox Evasion: T1497 (1)

    System Information Discovery: T1082 (2)

Tasks