General

  • Target: 3893c41239734dfb4df2f79d9e881b9d.bin
  • Size: 3.1MB
  • Sample: 231224-bynm9acehp
  • MD5: 10289792596f908351d491f02c18abd9
  • SHA1: ad0d7f5c5a3b3a3a133c9836aeaae7b2c5a43a40
  • SHA256: 3d2ce4f285e91a50bf18faa4b10144d1b2d7905084b5d29b35110a6d12825e9d
  • SHA512: 48e25c76c7d28eb3875aadd3bd7a04278fcc35939e73825b468cdf7cd50cb3cff295b05303cbeb8da3e6fce87c161c491d484bf74594c3440003ee7d5f378589
  • SSDEEP: 98304:a8WLqH3mHnekxKa1fFp4gZTxz2OcKAw4U52bDW0ns/dLRiG8A:a7qH3mHVx1x4gZFz2s4UyDWZVipA

Targets

    • Target: 7cf7c98e508d3ebb85cd2a13b716c7eb6d4363feba08a9d091838d6a4a982a82.exe
    • Size: 3.2MB
    • MD5: 3893c41239734dfb4df2f79d9e881b9d
    • SHA1: ce97fe87dc6add50bc041f1b5c019e51c2d889f5
    • SHA256: 7cf7c98e508d3ebb85cd2a13b716c7eb6d4363feba08a9d091838d6a4a982a82
    • SHA512: b19c5adce7779edb94f9f59d2f57367db639c7a9bca4785fbe50f26c075aa3c2304cf787076320249b1b7af625f82f697e872792a8fa0f29949b61ce8e697616
    • SSDEEP: 98304:6aDhbIzn9dZVMxaLExuDk+4XNAZOAtC/:68bIzbjMxaDkzOZ7

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand PayPal.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15