General

  • Target

    ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4

  • Size

    3.4MB

  • Sample

    231020-ftqn9sec4w

  • MD5

    20fb5e586475341f636b916b026208ff

  • SHA1

    adc20cda17f7d27e37d211b28a24dd06ca7a580c

  • SHA256

    24f92c883d5db4db4c8d39d41e31e6d2715fc345a5ec6433585ce38e2c2392f4

  • SHA512

    41c19075c05a66df4517a0dacce8e90eee1f1dca95f71f9d598e5e88f9928459f1157fa967089e7510cb2a81a23a3e8e7728799d183ef17c39b35edb42b70e0d

  • SSDEEP

    98304:mUoz95vq28HVaKCJj1z2ge+u/3qXuD5OxBBkyWBh:jQZyahJ4g3uPIuFKayu

Targets

    • Detects DLL dropped by Raspberry Robin.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Detected potential entity reuse from brand Microsoft.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
