General

  • Target

    Stand.Launchpad.exe

  • Size

    7.2MB

  • Sample

    230726-wg9vdafb78

  • MD5

    b805e3d2e329b4314f32d843130cf8d5

  • SHA1

    6c5493accafa1a32944f2d3432a651eaf9f69acd

  • SHA256

    c79a544103c68b5bdfc5f9983d7833caf169054736e8c899b9aff0b7ca602346

  • SHA512

    87ff585482d5162ce4f3e1d703b5676719d9c38359d36bb5f0ac520cf901e60143d8b2451fde0c750e3f5c2154cb130c06f38483598cad42fb2404b1a55b0136

  • SSDEEP

    196608:Ac8gmG+rmoSOG8O9LxJ0L54AP+uciMVO8/c:w6oJG8MLsCE8zO8k

Malware Config

Targets

    • Target

      Stand.Launchpad.exe

    • Size

      7.2MB

    • MD5

      b805e3d2e329b4314f32d843130cf8d5

    • SHA1

      6c5493accafa1a32944f2d3432a651eaf9f69acd

    • SHA256

      c79a544103c68b5bdfc5f9983d7833caf169054736e8c899b9aff0b7ca602346

    • SHA512

      87ff585482d5162ce4f3e1d703b5676719d9c38359d36bb5f0ac520cf901e60143d8b2451fde0c750e3f5c2154cb130c06f38483598cad42fb2404b1a55b0136

    • SSDEEP

      196608:Ac8gmG+rmoSOG8O9LxJ0L54AP+uciMVO8/c:w6oJG8MLsCE8zO8k

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks