General

  • Target

    SeroXen.exe

  • Size

    5.5MB

  • Sample

    231103-rb5w1sbh7w

  • MD5

    868ea9ca16edb6f6c37c51b97ea34177

  • SHA1

    a7c5e98aa69bb4df700d8a2bca352a1245c6942f

  • SHA256

    8e327e8dee5e78f1a4be6fa2ebfbeb61949a0b272e400c954b005b1ea4b6b9d9

  • SHA512

    1e9f661394937eae674c138c6eccd68ec84ac620db19a9958c5448a0b4a5676c0d32e6b6d00bb1d95c89443f849d68b19a9e280855f020de3be9fae63f7f4ff2

  • SSDEEP

    98304:cCChcHp5ooEAnHRVN07KgHDpS18DqBRe7qxKfT1J+tNY3LU4rI2qo:Deg53HRVu7vHDpS1IqBRU7kCs2q

Malware Config

Targets

    • Target

      SeroXen.exe

    • Size

      5.5MB

    • MD5

      868ea9ca16edb6f6c37c51b97ea34177

    • SHA1

      a7c5e98aa69bb4df700d8a2bca352a1245c6942f

    • SHA256

      8e327e8dee5e78f1a4be6fa2ebfbeb61949a0b272e400c954b005b1ea4b6b9d9

    • SHA512

      1e9f661394937eae674c138c6eccd68ec84ac620db19a9958c5448a0b4a5676c0d32e6b6d00bb1d95c89443f849d68b19a9e280855f020de3be9fae63f7f4ff2

    • SSDEEP

      98304:cCChcHp5ooEAnHRVN07KgHDpS18DqBRe7qxKfT1J+tNY3LU4rI2qo:Deg53HRVu7vHDpS1IqBRU7kCs2q

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
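
The anti-VM, BIOS, UAC and anti-debug signatures above are each triggered by a recognisable registry read or native API call. The following script is an added example written for this page, not code from the Triage report or from the sample: it runs a small set of rules, named after the signature titles above, over a constructed, tab-separated event trace (the trace lines are made up for the example and are not taken from this analysis). The registry paths are the standard VirtualBox ACPI table keys (`HARDWARE\ACPI\DSDT\VBOX__` and siblings), the `HARDWARE\DESCRIPTION\System` BIOS values and the `EnableLUA` UAC policy value; `ThreadHideFromDebugger` is THREADINFOCLASS 17 (0x11). The `regquery`/`apicall` line format is an assumption of the example, not a real tool's output format.

```python
import re

# Constructed sample events (NOT from the report above): one event per line,
# "<event-type>\t<detail>", roughly the shape a sandbox's registry/API trace
# takes once flattened to text. The event-type names are assumptions.
SAMPLE_EVENTS = """\
regquery\tHKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__
regquery\tHKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\FADT\\VBOX__
regquery\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
regquery\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
regquery\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
regquery\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
apicall\tNtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=17)
apicall\tNtQueryInformationProcess(ProcessHandle=0xffffffff, ProcessInformationClass=7)
"""

# Each rule: (signature name as it appears in the report, event type, regex on the detail).
# Registry paths are matched case-insensitively because the Windows registry is
# case-insensitive. ThreadHideFromDebugger is THREADINFOCLASS 17 (0x11); the rule
# accepts either spelling of the number.
RULES = [
    ("Identifies VirtualBox via ACPI registry values", "regquery",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)),
    ("Checks BIOS information in registry", "regquery",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|BIOS\\)",
                re.IGNORECASE)),
    ("Checks whether UAC is enabled", "regquery",
     re.compile(r"\\Policies\\System\\EnableLUA$", re.IGNORECASE)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "apicall",
     re.compile(r"^NtSetInformationThread\(.*\bThreadInformationClass=(17|0x11)\b")),
]


def parse_events(text):
    """Split the trace into (event_type, detail) tuples, skipping blank/malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or "\t" not in line:
            continue
        kind, detail = line.split("\t", 1)
        events.append((kind, detail))
    return events


def match_signatures(text):
    """Return {signature name: [matching event details]} for every rule,
    including rules with no hits, so callers can see what did NOT fire."""
    hits = {name: [] for name, _, _ in RULES}
    for kind, detail in parse_events(text):
        for name, rule_kind, pattern in RULES:
            if kind == rule_kind and pattern.search(detail):
                hits[name].append(detail)
    return hits


if __name__ == "__main__":
    for name, details in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(details)} hit(s)")
        for d in details:
            print("   ", d)
```

The ordinary `Run` key read and the `NtQueryInformationProcess` call are deliberately left unmatched: the point of keying on the specific ACPI, BIOS and policy paths rather than on any `HARDWARE\` read is that a legitimate installer also touches the registry, and a rule set this narrow is what lets a sandbox attach a confident label such as "likely anti-VM" to a single event.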

MITRE ATT&CK Enterprise v15

Tasks