General

  • Target

    d398b8b3d9610600e8613dd537e70a98.bin

  • Size

    14.2MB

  • Sample

    230718-cy8tvsfh69

  • MD5

    d398b8b3d9610600e8613dd537e70a98

  • SHA1

    22871b487f334a53eee8399f41d0e2ada796431e

  • SHA256

    1cc7c5968d8bb64fb741c13772986779834eca8293d230cd88aa305c304e89c2

  • SHA512

    10808ff2f1e0385b2de9cd710fdbebb01b8d0be62d9c5da710cd3e06e7d878a6214569969d3091eda12b7ad4d3d45168de28cd5b4664596ca5cc5d8cf055947c

  • SSDEEP

    393216:6C+VjBgl/RQtHqPdmH9+eXcPt0w8da+/DBYVnAwDGqoc83/t77U6BClF:6ljBgRRQN9Tcr8IwtYRQZ/gT

Targets

    • Target

      modest-menu_v0.9.10/modest-menu.exe

    • Size

      14.3MB

    • MD5

      f0851119cec15d35a8f206f1ba446f86

    • SHA1

      5ff263672af7e81a344846b3bce1ff4e59f8b6cd

    • SHA256

      19a82f12d86829e768d226c0ec5e20a664f349d1bbabd3aaeade3ff3d7237282

    • SHA512

      2ccbe9d55b59bc22ce615f23a09baa66d15e88f7c44e8f5561c54b410d02cb309d40865fd22694470fc9cfbda69ad12fb699427778347e49db63d60a341cf5ea

    • SSDEEP

      393216:rO4LKZjqtG+kh/JUwReHLsLjbeeE8KohlBM2Dd1rzO:rrKZjLhDUHimEJhD

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks