General

  • Target: 47feab24e4a7a088fcac9a7067cbf318.bin
  • Size: 4.8MB
  • Sample: 230319-wctmlabe8z
  • MD5: 37bf0a36bc2ef2876079f489bf7c0bd2
  • SHA1: 8d992c36cb9d3f9506d762436897b89d0d722dcc
  • SHA256: e22d79dad64ac588171dd904f804060252e9b4c690cfb368dca41bf19ecb6b8a
  • SHA512: f130e28eac6959c3feb3695237852e277535a5e901dafdba934df1cd7fda49d9a184d51cb6b92a4076ca32fb3f45419940357097dddb1198ef59d3858cc2bb8f
  • SSDEEP: 98304:BrPzlgBzyua5esuzsBpZRn5eZ/dnSRbHING4DsNA+7Lm2hL5Jg8n4CfDbgO:BrPzalLOVLRYZ/WbHOGJNt7LP1JFtLMO

Malware Config

Targets

    • Target: 53285fb142e48bd1a568509c8997067370ac4578b3c92d8c3bc75ecdebc2915f.bin
    • Size: 5.1MB
    • MD5: 47feab24e4a7a088fcac9a7067cbf318
    • SHA1: bbe0dcbe7eb3d0fa19b4afb5edff51b7066ec45d
    • SHA256: 53285fb142e48bd1a568509c8997067370ac4578b3c92d8c3bc75ecdebc2915f
    • SHA512: 6b3b0e289d06839cfd32327dfa1795368601a789c3dc2a0db9f0cce01001a28a584d5c26ce4e46e9002626a1f3ba318e038578e86f00cff489956aace8b419aa
    • SSDEEP: 98304:KxNeg5VPsVXSfJHbM+A+PoudLZ1uRhkuoxa4kReiX2+jli:TgTZhHbFddNZ1kroxacUbBi

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    T1497 Virtualization/Sandbox Evasion (1)

  • Discovery
    T1012 Query Registry (2)
    T1497 Virtualization/Sandbox Evasion (1)
    T1082 System Information Discovery (2)

Tasks