General

  • Target

    aaaaaasdsafdfdsafs.zip

  • Size

    7.0MB

  • Sample

    230617-25hnpadd84

  • MD5

    04c7d110dba77b15a7e3dc0cddff94bc

  • SHA1

    988b7551dc25ef0983d20a13cbc2fb5cb314aa25

  • SHA256

    e747906008c1ca8cec150649b1ec559a68da00ec5210d5f7fb802e1d20c0126e

  • SHA512

    44330bb76e0448e2a86eec647ee7e10875fc898066544fa9e0aae7f3352546233dc9a25220f7bfbd7fa1f4bee0ddd4fed4b908abbf969b274b2c0934d68139b9

  • SSDEEP

    196608:7ciWmhAI4O6Q0dRJDIh3MADSugmKX+XfQ:9aI76QcReqU8t+XfQ

Malware Config

Targets

    • Target

      svchost.exe

    • Size

      7.0MB

    • MD5

      4ba72080b6312d3535a5e0d041fedbb4

    • SHA1

      936310ca7566837284a49f7137c7b2a6f902d286

    • SHA256

      8dedcbc9e349f81dcf2d342a1f7161508cecf1eb3e792c8febec49f8fdff309d

    • SHA512

      6a825a4d9ce7588ef79fdaef4567b7ab8aa5f69e9529e1e2ffed686f55a347c08dccd1450fd4f3e002da2fb23c9e34089c8f5b5b3db0cb9bb3746518028ec64e

    • SSDEEP

      98304:PB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:scUG4raKu24YY7HVT4hV0AD6QgqKRgX

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks