General
-
Target
NEAS.dabbe6f9d14871ce059b726e23528c40_JC.exe
-
Size
2.7MB
-
Sample
231102-zqpgksfe8z
-
MD5
dabbe6f9d14871ce059b726e23528c40
-
SHA1
a0c53023ba80a60700be4a9b0df3002db7ab6666
-
SHA256
e2906394c5b9a8482b7dc77aec2f2abd5f1e853b52abf6f7d2e84fd6f53df154
-
SHA512
925a792dfc12d1a7a1c269ae7bcf044a6fb32059651fb5a390ffe314c1f19dc92dc36de1630ccdd94df4fa88ea9a837a215430bf27dd17dde0fb4b7012519cf4
-
SSDEEP
49152:WLCuf9Iv29/tTUfxD2F1ZBVmDRjNtRuvaIrY62JpzYLdNR:WZ9Q2B9Ud2NSj/eaOd2JpzYBNR
Behavioral task
behavioral1
Sample
NEAS.dabbe6f9d14871ce059b726e23528c40_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.dabbe6f9d14871ce059b726e23528c40_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2
Virtualization/Sandbox Evasion: 1