General

  • Target: Server.exe

  • Size: 7.0MB

  • Sample: 230621-ym2gascd4y

  • MD5: 5bad0b5c7d840efbf37d886f5b51d9ee

  • SHA1: 58ab9ac2359808cb8db60b7f85df3397f9355ac8

  • SHA256: 0d32c69169a37902b2c1390b37e9039fe50ddb2f4c74f7f0e91538fe8158150d

  • SHA512: 67633aa674e44a371f2ca3edb856af6cdf965a29901225af2ccdfc3f9d9658ccb71cb418c0a7502eac9f7b112dcbd0b0370c78aae04c9d17d7edd26009e26664

  • SSDEEP: 98304:LB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:wcUG4raKu24YY7HVT4hV0AD6QgqKRgX

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Modifies Windows Firewall

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks