General

  • Target

    de3e58bfa24c07ba1fa7a5d8b3b92105.exe

  • Size

    6.1MB

  • Sample

    231220-qv8xcagegk

  • MD5

    de3e58bfa24c07ba1fa7a5d8b3b92105

  • SHA1

    e8d5a735e6638360c1572ddd63198166d4c634c9

  • SHA256

    668fc345d9de1f0e519e5e9309b520ca10af01081e45a58d13380ae3ee38bedd

  • SHA512

    8c621a9a0b2d4d13b707a8daa319fefe1c1c58449ff6a30dfb66ebe0311a04644947ffe1ae70c1854543197a54dc58624c137a74bf8a7a1d91e2872fba1011cd

  • SSDEEP

    196608:A5onDqM1e6Dxt4DRgBFMhkjm0vAzpJsTq7jL:Akw6L4DRgBvDYpGTq

Malware Config

Targets

    • Target

      de3e58bfa24c07ba1fa7a5d8b3b92105.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks