General
-
Target
nemesis.exe
-
Size
145KB
-
Sample
230401-2tpmvsef6y
-
MD5
50308cb5da61006033d96dcb7215d26c
-
SHA1
0a3664214ecec693a85b73750b967c96d52ebdd6
-
SHA256
502963ee9e86da5e50bd09f3fcb7adadf67862bbe9757ec459bce700dd6fe97f
-
SHA512
34adb027921d43a67900a2d30957ca5531ecd4ff0d6acea4c35fac023b67fc4e035eadce07c63842849cc95af4eee345026e080f758d97c65e5edae3005496af
-
SSDEEP
3072:1PAydW8hHlyIevVhITNW/y6r3WKrQqErj0kY/l+O+d9Sok6fSQz:JASl8toW33zrqEH/YOwSor6Q
Behavioral task
behavioral1
Sample
nemesis.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
nemesis.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
nemesis.exe
-
Size
145KB
-
MD5
50308cb5da61006033d96dcb7215d26c
-
SHA1
0a3664214ecec693a85b73750b967c96d52ebdd6
-
SHA256
502963ee9e86da5e50bd09f3fcb7adadf67862bbe9757ec459bce700dd6fe97f
-
SHA512
34adb027921d43a67900a2d30957ca5531ecd4ff0d6acea4c35fac023b67fc4e035eadce07c63842849cc95af4eee345026e080f758d97c65e5edae3005496af
-
SSDEEP
3072:1PAydW8hHlyIevVhITNW/y6r3WKrQqErj0kY/l+O+d9Sok6fSQz:JASl8toW33zrqEH/YOwSor6Q
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-