Overview

overview

9

Static

static

7

blueberry_...ee.exe

windows7-x64

9

blueberry_...ee.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    blueberry_valorant_external_free.exe

  • Size

    4.3MB

  • Sample

    230329-yx4z6shg34

  • MD5

    aaaacda428369e9232ce8823b4a81f48

  • SHA1

    c81f44134cddf51ba05da3c42327c084e239a956

  • SHA256

    e97de3c318532ff7b6708d5da4f6864ec8b6315760d56736ace4834af99af1d5

  • SHA512

    32225ee9eb191fb1797207fdbd518c6879f5bdf0e8d8bd1c8081a5b1938904ed80ae94f6928725a9bf691531b99db1ded47d890607aa4e9e0a8183173d9d2867

  • SSDEEP

    98304:oj6Zo4FxbjVj69T4wrXuIPdqkf0SodDK3D5l4zdro7hW8vU8:3oA/j6pxQkw+lwk7Pvb

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      blueberry_valorant_external_free.exe

    • Size

      4.3MB

    • MD5

      aaaacda428369e9232ce8823b4a81f48

    • SHA1

      c81f44134cddf51ba05da3c42327c084e239a956

    • SHA256

      e97de3c318532ff7b6708d5da4f6864ec8b6315760d56736ace4834af99af1d5

    • SHA512

      32225ee9eb191fb1797207fdbd518c6879f5bdf0e8d8bd1c8081a5b1938904ed80ae94f6928725a9bf691531b99db1ded47d890607aa4e9e0a8183173d9d2867

    • SSDEEP

      98304:oj6Zo4FxbjVj69T4wrXuIPdqkf0SodDK3D5l4zdro7hW8vU8:3oA/j6pxQkw+lwk7Pvb

    Score
    9/10
    evasionthemidatrojanpersistence

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks