General

  • Target

    Server.exe

  • Size

    7.0MB

  • Sample

    230621-yjdwtscd3z

  • MD5

    a129b7e8ecea7d732b4725f2ce818140

  • SHA1

    8e410cc7f859d11e81e91310262afdce9910df65

  • SHA256

    44e69d70ca5a90f4fe40b974bf8593e174c2c44f254ecde01563a99c48b9950a

  • SHA512

    72886fd7011dc661e117c855d255431563dcab751e059d0f821e37e1530217b23678bd7bb7f4bbd20772defa5b7137518dc0d9effec7fe56945416664854de90

  • SSDEEP

    98304:xB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:acUG4raKu24YY7HVT4hV0AD6QgqKRgX

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Modifies Windows Firewall

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks