General

  • Target

    ADS87a4d784A87D487a487A4D87D8sHGIUYgiuyGiyugIUGoijuhiufgtUHouguis.exe

  • Size

    3.0MB

  • Sample

    221011-r7w9raagfm

  • MD5

    c9bfd91a0597d00185737ce65a753be9

  • SHA1

    2658367b5f88891d970392f153595fdb87bdec91

  • SHA256

    f3360f4841b3f4ed6e6c7d42315248473002bcd4f7262db1c813d6074b50240e

  • SHA512

    aa458b785e7f417fd07ee007f96bd290c526e1a4ed22d1cccd713179ec3f8ee2ff81303036c45a4a92b012b3094e06a773a79fad1b1dc9dd390e0711d5ee2236

  • SSDEEP

    49152:axTtE+G757NEqpmvgIMwoUNZq2aLOed/zc7NLD5O7OpJwHMMvKIDYE+pERcPE645:ayFH0Zoywqeta15OapGsMDupERmEtVUQ

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks