General

  • Target

    4eb552b7b23b64fefd2bc32a45d2f437.bin

  • Size

    6.1MB

  • Sample

    231224-b9k2hafda8

  • MD5

    4eb552b7b23b64fefd2bc32a45d2f437

  • SHA1

    5c3e694b04b8c98f3c42992b6ddfede89ffc8cc9

  • SHA256

    c4841f0dbc222ec7aca0ef48abbadf84ad429d2ec8aeaa87eadf35ac2cd55ba7

  • SHA512

    4a3f1a7796c85a6c62ba335a75b7c1fccfb95df56c1a245e0a34c564405cca28618b029f39a20a06ca0338e877df26869b1dd18beed4113d27cd9c3934b7e7fa

  • SSDEEP

    98304:3yZGs+vtk+BxTCDf3o/dRi1AwHjrc4vAYogeVvVJe0FbvpZ6xMuhzv:CZm1k+rUf+CAwHXolgetvhFbv9i

Malware Config

Targets

    • Detected google phishing page

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks