General

  • Target

    d5c0d9e9b7ab82909616db51853f52fb.exe

  • Size

    6.1MB

  • Sample

    231219-mm8d3afbf9

  • MD5

    d5c0d9e9b7ab82909616db51853f52fb

  • SHA1

    260d62353d3d57326b9e88bfc61384d47d2ed58d

  • SHA256

    28a2f06c05fc57ff938deaf782e23986962785e947fb7922454779d33b0c9a84

  • SHA512

    9c1603e6c96695f251573196e2013904f4cd858ff6617cc6948253b0aa345597e8932ef68fce2f3169eb95b7c8de24be3046c1f171ea64649256d8619a55d49d

  • SSDEEP

    196608:qDvaZfDkVDSeTmU968Yiblh941pH8zabv:q+ZfCSCmT8YiBh2pcz2

Malware Config

Targets

    • Target

      d5c0d9e9b7ab82909616db51853f52fb.exe

    • Size

      6.1MB

    • MD5

      d5c0d9e9b7ab82909616db51853f52fb

    • SHA1

      260d62353d3d57326b9e88bfc61384d47d2ed58d

    • SHA256

      28a2f06c05fc57ff938deaf782e23986962785e947fb7922454779d33b0c9a84

    • SHA512

      9c1603e6c96695f251573196e2013904f4cd858ff6617cc6948253b0aa345597e8932ef68fce2f3169eb95b7c8de24be3046c1f171ea64649256d8619a55d49d

    • SSDEEP

      196608:qDvaZfDkVDSeTmU968Yiblh941pH8zabv:q+ZfCSCmT8YiBh2pcz2

    • Detected Google phishing page

      Content observed during execution resembles a Google sign-in page (brand-lookalike heuristic; review the captured page before treating this as confirmed phishing).

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables (DSDT, FADT, RSDT) whose OEM ID starts with "VBOX"; Windows mirrors them under HKLM\HARDWARE\ACPI, so reading those keys is a common virtual-machine check.

    • Checks BIOS information in registry

      BIOS information (HKLM\HARDWARE\DESCRIPTION\System and its BIOS subkey, e.g. SystemBiosVersion, SystemManufacturer) is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system. Expect virtualized code, heavy obfuscation and built-in anti-debugging, so static analysis of the packed binary is of limited value.

    • Adds Run key to start application

      Persistence via a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM); the value name and path written by this sample are not listed in this report.

    • Checks whether UAC is enabled

      Reads EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • AutoIT Executable

      AutoIt scripts compiled to PE executables; the embedded script can usually be recovered with an AutoIt decompiler.

    • Detected potential entity reuse from brand PayPal

      Strings or content referencing the PayPal brand were observed (brand-lookalike heuristic).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with ThreadInformationClass = ThreadHideFromDebugger (0x11), which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.
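The registry and API behaviours flagged above are what a sandbox signature engine matches on. The following is an added example, not Triage's signature code and not anything recovered from this sample: a small classifier that runs over a constructed list of registry and API-call events (the event format, the Run value name `Updater` and its path are invented for illustration) and emits the same signature names as this report, using the well-known registry locations and the ThreadHideFromDebugger information class (0x11).

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Event:
    """One behavioural event from a sandbox trace (constructed format, not Triage's)."""
    kind: str          # "reg_query", "reg_set" or "api_call"
    target: str        # registry key path, or the API name for api_call
    value: str = ""    # registry value name, or an argument summary for api_call
    data: str = ""     # data written for reg_set


# VirtualBox publishes ACPI tables whose OEM ID starts with "VBOX"; Windows
# mirrors them under HKLM\HARDWARE\ACPI\<table>\<OEM ID>.
ACPI_VBOX_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT|SSDT)\\VBOX", re.I)
# BIOS strings live in HKLM\HARDWARE\DESCRIPTION\System and its BIOS subkey.
BIOS_KEY_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systemmanufacturer",
               "systemproductname", "biosvendor", "biosversion"}
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# THREADINFOCLASS ThreadHideFromDebugger == 17 (0x11).
HIDE_FROM_DEBUGGER_RE = re.compile(r"ThreadInformationClass\s*=\s*(0x11|17)\b", re.I)


def classify(events: Iterable[Event]) -> Dict[str, List[Event]]:
    """Map signature name -> the events that triggered it."""
    hits: Dict[str, List[Event]] = {}

    def hit(name: str, ev: Event) -> None:
        hits.setdefault(name, []).append(ev)

    for ev in events:
        if ev.kind == "reg_query":
            if ACPI_VBOX_RE.match(ev.target):
                hit("Identifies VirtualBox via ACPI registry values (likely anti-VM)", ev)
            if BIOS_KEY_RE.match(ev.target) and ev.value.lower() in BIOS_VALUES:
                hit("Checks BIOS information in registry", ev)
            if ev.target.lower() == UAC_KEY.lower() and ev.value.lower() == "enablelua":
                hit("Checks whether UAC is enabled", ev)
        elif ev.kind == "reg_set" and RUN_KEY_RE.search(ev.target):
            hit("Adds Run key to start application", ev)
        elif (ev.kind == "api_call" and ev.target == "NtSetInformationThread"
              and HIDE_FROM_DEBUGGER_RE.search(ev.value)):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger", ev)
    return hits


def signature_names(events: Iterable[Event]) -> List[str]:
    """Sorted list of the signature names triggered by the trace."""
    return sorted(classify(events))


# Constructed trace; the Run value name and path are invented for illustration.
SAMPLE_EVENTS = [
    Event("reg_query", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("reg_query", r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    Event("reg_query", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    Event("reg_query", UAC_KEY, "EnableLUA"),
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
          "Updater", r"C:\Users\Public\update.exe"),
    Event("api_call", "NtSetInformationThread",
          "ThreadHandle=0xFFFFFFFE, ThreadInformationClass=0x11, Length=0"),
    Event("reg_query", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
          "ShellState"),  # benign noise: must not trigger anything
]

if __name__ == "__main__":
    for name, evs in classify(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

The ACPI and BIOS rules match on key names rather than on returned data, because the read itself is the tell: a benign installer has no reason to enumerate HKLM\HARDWARE\ACPI\DSDT. The same rules can be pointed at a live analysis VM to confirm which artefacts it leaks before trusting a "no anti-VM behaviour" verdict.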

MITRE ATT&CK Enterprise v15

Tasks