General

  • Target: 8488830880.zip

  • Size: 5MB

  • Sample: 221129-kph6vagb71

  • MD5: d78be2805949220d0445ba8afad30b10

  • SHA1: 6d34fcb5f25ca7c450b43bf75e8b32088600a0fa

  • SHA256: fe969a76931916543135b86299ba3211693c10a745470cc1411a1204acf9e0c5

  • SHA512: 9c1490425f51ee478487bbc5f3faa31b1191087f2ab818a67a81e0972be5e62fee35769b2ae8125077f156f40e140f2fca96cfdfd097455c446ae3cacff98579

  • SSDEEP: 98304:bWwQdNgWsPVcGuaKwVmPkeClGVqBJ0jnE6HEXgBj6lG7csTwb/tx+dgf3mElnm:bA2VcBkVGbSynE6HNBWlGgn/qdumElnm

Malware Config

Targets

    • Target: dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0

    • Size: 5MB

    • MD5: 104dd8e3bf957c6cf7da52c546405ab7

    • SHA1: 2623754939b50204e06d94ae62eb6afc6587f69a

    • SHA256: dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0

    • SHA512: 435f7b869769d3a1642c84f3b081c5e93e22c4fd96f7aa82c9d8201b539106bddc0b047348d92bc752a6d9afcd97bfe1e84eaa20a036d92593806de7adc99628

    • SSDEEP: 98304:NEp+KwDQdGp//3wHhGizimMxJlqyIZybWHOpjecBF7yx2h5UO1VQxznJZ531:NEp+fDQdGp3wBGgovqZfHOxtBB62DI

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                 Technique                        Count   ID
    Execution              Scheduled Task                   1       T1053
    Persistence            Scheduled Task                   1       T1053
    Privilege Escalation   Scheduled Task                   1       T1053
    Defense Evasion        Virtualization/Sandbox Evasion   1       T1497
    Discovery              Query Registry                   2       T1012
    Discovery              Virtualization/Sandbox Evasion   1       T1497
    Discovery              System Information Discovery     2       T1082