7e0bf07236840a4543088223ae5deae5a7c4e228e3ad93ac3f73b3abe4858667

General

Target

Desktop.rar
Size

9.0MB
Sample

230312-zn52jsfc86
MD5

cc7899ec7fed42804e2db926ec071a40
SHA1

43ae46e957a9bdc2c362bed2faab1afd650a1f94
SHA256

7e0bf07236840a4543088223ae5deae5a7c4e228e3ad93ac3f73b3abe4858667
SHA512

a78505178d9a21e8c3cdddd5d6261d857d6849277d5e64c85956aa21a618da7dcc2bf05167e37984dbc5c1f81554f6012555c678169e2f7ddb2e8a528170334f
SSDEEP

196608:ma553bJV4kJtPaYcdARdyMj4QWkxCWvk5qqwhRGelt+S:J3bJeQtPGdNwPWkgWvkXwhRvlb

Score

9^/10

Malware Config

Targets

- Target
  
  Roles_External.exe
- Size
  
  9.0MB
- MD5
  
  002ad7c91deb54e30a919846fe124eaf
- SHA1
  
  cb092513ae675fe243d92328310471f09b51267a
- SHA256
  
  e9d01a1df753a60c21218dc713bf5b2fa95cd82ceb0f760afd1027249812aabe
- SHA512
  
  2e873b8ec2d32ba60117c6423d7bfca9da830870e0238044a1d50fdb0784598ef20325ff62462c6f88078ddc385dfd854f36f8b47aae9610c83a6d5f92b97fd7
- SSDEEP
  
  196608:p7tXDri3gUyVl21VNlNNjx4MLm6iE8y4HCh4Iv9o9qmDmHYmGN1:pJTrznCJjxpi6iE8y2Ch4MaPm4mO1
Score

9^/10

bootkit evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  fake csgo.exe
- Size
  
  6KB
- MD5
  
  d7d024dd3b219a98bc3b39fbdc84e85b
- SHA1
  
  bac84ee8aa9ce5f82aa833ecfae1da0f542bc23c
- SHA256
  
  c33b9c17b7df0c8f26049ca6e2421236486560c1758dddd08f27a63320f535eb
- SHA512
  
  ae5334f99763ad4f5447942364c30a665287d2cde4a96bebf4bb2c9aba6dab9cdf6e8569636ca5414a762581d15f157027d5dcf42b6dc92dae43a0964ed7ad01
- SSDEEP
  
  96:CG+0zRnV+pmf8PmPlt9XB9z+4+vFlTRXkd9pAuo1zNt:nzRV+CUALVB5pWFllX6YFP
Score

1^/10
behavioral2