General
Target: Acunetix Premium Activation Tool.exe
Size: 13.3MB
Sample: 220723-y3t26agggn
MD5: fc469f3f0d85aa66eb676f9a9e81b448
SHA1: 850d94781455275b0b4d98a18be4db76843c12bf
SHA256: c185321db781cd83f7c571a06ce3ef5739b4e92f349cde4d5a975640e91e4439
SHA512: 7c532923caa5507f8266e7983603792102c77c844c9fcbd9bca069f8b25b2f046591a889c42a5792e096bb050edb9dadae7d2bc9fccf78661c079d179d0c5355
Behavioral task: behavioral1
Sample: Acunetix Premium Activation Tool.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: Acunetix Premium Activation Tool.exe
Resource: win10v2004-20220721-en
Malware Config
Targets
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger