General

  • Target

    39df45406b960f58c999ee316263b5e9.bin

  • Size

    6.1MB

  • Sample

    231223-bqfyfadhbj

  • MD5

    39df45406b960f58c999ee316263b5e9

  • SHA1

    fb5ec8d1e1fac95195c46eefcf35ff1b2697dde5

  • SHA256

    4593936c60786fe21955a4eeab723f809c14fdc7b040e90240c49d1e7f977a11

  • SHA512

    6dc0b69381f84fb26e1336649b898cd71e953b0cd9155b073f6ade30ead5931d8cf5a7c927216b2fd77d43af0aae26febaab04de5cb5fe11ee8cd681b7b3e893

  • SSDEEP

    196608:nAKEnQ8TlJFB6GyjYvoQ8bQ6xYYtHrqB1z:AzLb6gQQcYCHU1

Malware Config

Targets

    • Target

      39df45406b960f58c999ee316263b5e9.bin

    • Size

      6.1MB

    • MD5

      39df45406b960f58c999ee316263b5e9

    • SHA1

      fb5ec8d1e1fac95195c46eefcf35ff1b2697dde5

    • SHA256

      4593936c60786fe21955a4eeab723f809c14fdc7b040e90240c49d1e7f977a11

    • SHA512

      6dc0b69381f84fb26e1336649b898cd71e953b0cd9155b073f6ade30ead5931d8cf5a7c927216b2fd77d43af0aae26febaab04de5cb5fe11ee8cd681b7b3e893

    • SSDEEP

      196608:nAKEnQ8TlJFB6GyjYvoQ8bQ6xYYtHrqB1z:AzLb6gQQcYCHU1

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT). Reading those keys is a common virtual-machine check, so this is most likely anti-VM logic rather than legitimate hardware enumeration.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

      A file is written into a Startup folder so that it is executed at user logon (persistence).

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

      Persistence: a value written under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) makes the named program launch at every logon.

    • Checks whether UAC is enabled

      Typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, so the sample can decide whether an elevation prompt would appear.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

      The sample reuses names or artefacts associated with the PayPal brand, a common lure technique.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a well-known anti-debugging technique.
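
The registry-based signatures above (VirtualBox ACPI keys, BIOS values, the EnableLUA check, the Run key) can be reproduced with a small rule engine over registry events. The following is an added example, not code from the sandbox or from the sample; the event lines it parses are constructed for the example (op, path and optional data separated by tabs) and are not output from this analysis. The key paths in the rules are the well-known ones these checks target; the rule names mirror the report entries.

```python
import re

# Constructed registry-event lines (op<TAB>path[<TAB>data]) for this example only;
# they are not output from the sandbox run described on this page.
SAMPLE_EVENTS = (
    "open\tHKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__\n"
    "open\tHKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\FADT\\VBOX__\n"
    "query\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion\n"
    "query\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion\n"
    "query\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA\n"
    "set\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"
    "\tC:\\Users\\user\\AppData\\Roaming\\updater.exe\n"
    # Benign-looking lookup that matches no rule, to show the engine does not flag everything.
    "query\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Startup\n"
)

# Signature table: name -> (operations the rule applies to, regex over the key path).
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": (
        {"open", "query"},
        re.compile(r"^HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    ),
    "Checks BIOS information in registry": (
        {"query"},
        re.compile(r"^HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\"
                   r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion|BIOS\\.+)$", re.I),
    ),
    "Checks whether UAC is enabled": (
        {"query"},
        re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
    ),
    "Adds Run key to start application": (
        {"set"},
        re.compile(r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft\\Windows"
                   r"\\CurrentVersion\\Run(Once)?\\", re.I),
    ),
}


def parse_events(text):
    """Parse 'op<TAB>path[<TAB>data]' lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t", 2)
        if len(parts) < 2:
            raise ValueError(f"malformed event line: {line!r}")
        op, path = parts[0].lower(), parts[1]
        data = parts[2] if len(parts) == 3 else None
        events.append({"op": op, "path": path, "data": data})
    return events


def match_signatures(events):
    """Return {signature name: [matching key paths]} for every rule with at least one hit."""
    hits = {}
    for name, (ops, pattern) in SIGNATURES.items():
        paths = [e["path"] for e in events if e["op"] in ops and pattern.search(e["path"])]
        if paths:
            hits[name] = paths
    return hits


def persistence_targets(events):
    """Programs registered for logon persistence: the data written to Run/RunOnce values."""
    _, run_rule = SIGNATURES["Adds Run key to start application"]
    return [e["data"] for e in events
            if e["op"] == "set" and run_rule.search(e["path"]) and e["data"]]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for name, paths in match_signatures(evs).items():
        print(f"[+] {name}")
        for p in paths:
            print(f"      {p}")
    print("persistence:", persistence_targets(evs))
```

Rules are keyed on both the operation and the path so that merely opening the Run key (as many legitimate programs do) is not reported as persistence; only a write to it is. Extending the table to the Startup-folder write behind "Drops startup file" needs file events rather than registry events, so that signature is deliberately not modelled here.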

MITRE ATT&CK Enterprise v15

Tasks