Overview

overview

9

Static

static

3

MTA_BSC.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    MTA_BSC.exe

  • Size

    51.5MB

  • Sample

    231112-enq76scg8z

  • MD5

    c4ffc88d258cd3aaab24d4d617d1d2af

  • SHA1

    a76f00dab5ecccc6e56620694806e245a36af2f8

  • SHA256

    497afe4737303d9cf9855c0f79d8c09a22fc43553cff6690cfffddc06e636aa8

  • SHA512

    f4117c3033b58d0e142e231e5166e6d372335f3e7e89f084d95ce730f444b71503919aee19590aa5ee23b5b23a4d7bd9be79419e0d326db137e71bbc82cce597

  • SSDEEP

    786432:z5sQKOoDAQla1s5iyk2keoT1zrjVdFmfdDXhMsHHUIFnX57BXNQwptIPnc:ziQ2mg7k8Sp5Id7fUI1X1rQwptI0

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      MTA_BSC.exe

    • Size

      51.5MB

    • MD5

      c4ffc88d258cd3aaab24d4d617d1d2af

    • SHA1

      a76f00dab5ecccc6e56620694806e245a36af2f8

    • SHA256

      497afe4737303d9cf9855c0f79d8c09a22fc43553cff6690cfffddc06e636aa8

    • SHA512

      f4117c3033b58d0e142e231e5166e6d372335f3e7e89f084d95ce730f444b71503919aee19590aa5ee23b5b23a4d7bd9be79419e0d326db137e71bbc82cce597

    • SSDEEP

      786432:z5sQKOoDAQla1s5iyk2keoT1zrjVdFmfdDXhMsHHUIFnX57BXNQwptIPnc:ziQ2mg7k8Sp5Id7fUI1X1rQwptI0

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks