General

  • Target: fa0fa167e3936cc0d7acdaf7f980d8e3.bin
  • Size: 6.1MB
  • Sample: 231224-egdy9sfafn
  • MD5: 9a5fc90fa9797550007fc257bed151f9
  • SHA1: c7695817fbff44b437ccc7cd91f06996759ad1c2
  • SHA256: 800fa58a977a4eb7a356de3c2577a17087dd272886983cc18d7d3d7dc2d20f18
  • SHA512: 7e4ef865ee8e82cc5e56ac601af15fca234ae6320afaa8fef375ec5138b6c14503170cdedb70801596e9159ff563ee8c16cc51a4e83719ee20f43198994ff1cb
  • SSDEEP: 196608:tu8LKcsnwAmLjy5bBP81VI+iI6nTwmEAuiA:xEnwAWy59P81Vri1nTgL

Targets

    • Target: d52c0665af99127cda4aed83d4f7c4b723fe4848435f7789bd4973c87a31f838.exe
    • Size: 6.1MB
    • MD5: fa0fa167e3936cc0d7acdaf7f980d8e3
    • SHA1: 9352a14f71c52af062f9ab8d323d1f53b08e65a5
    • SHA256: d52c0665af99127cda4aed83d4f7c4b723fe4848435f7789bd4973c87a31f838
    • SHA512: eab11df924a643172a5c9fe56f1bc6b877fdadab64c986d6b72bb21304de723cabb11432dc824861ce74644615ab6952721d5402a85b4498da81c1ecfa499a63
    • SSDEEP: 196608:4Admesqc+mfhZ/BJ++DFNYEenrwNiM57fNK:Q7fhfJ++DHJen8iy74

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand PayPal.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
