General
-
Target
ffe0142116170841058ef82dad227da9bc6f4957f586ceba34b6cbdb466dae2b.msi
-
Size
6.6MB
-
Sample
230512-db6lnabd95
-
MD5
2841262f80eb554d8ef5d1f98c535238
-
SHA1
6661bd65f5161dc336db60e0f47ca2b12e4edfc6
-
SHA256
ffe0142116170841058ef82dad227da9bc6f4957f586ceba34b6cbdb466dae2b
-
SHA512
5349391a29e2fcc3a244a1e556b0fd55e67abb54fbcb7d76ea5cd3359b2d6ca237f38e2bcf0de070dadab62bec1341d017d71baf3032d2e4b9f284302268ac96
-
SSDEEP
196608:yVAHMzCnSHiRU4InYCEKxsko8o0v+6KlZE2BrNGx6GnO:yKHWCSH1p5y6IE2dNDGnO
Malware Config
Targets
-
-
Target
ffe0142116170841058ef82dad227da9bc6f4957f586ceba34b6cbdb466dae2b.msi
-
Size
6.6MB
-
MD5
2841262f80eb554d8ef5d1f98c535238
-
SHA1
6661bd65f5161dc336db60e0f47ca2b12e4edfc6
-
SHA256
ffe0142116170841058ef82dad227da9bc6f4957f586ceba34b6cbdb466dae2b
-
SHA512
5349391a29e2fcc3a244a1e556b0fd55e67abb54fbcb7d76ea5cd3359b2d6ca237f38e2bcf0de070dadab62bec1341d017d71baf3032d2e4b9f284302268ac96
-
SSDEEP
196608:yVAHMzCnSHiRU4InYCEKxsko8o0v+6KlZE2BrNGx6GnO:yKHWCSH1p5y6IE2dNDGnO
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-