infinitylock | edf809eaed4a362565d99be8085fc7164b338dac1fe5a44daaa65e858cb42368 | Triage

Submit
Reports

Overview

overview

Static

static

3

Future.dll

windows10-1703-x64

Sharing

General

Target

Future.dll
Size

23KB
Sample

240210-wgp5zaeg2s
MD5

f9fb09aecaf403eb2b46255978559fd7
SHA1

cd2b838b4afe94c2317c53219a7cb949e5c1ea92
SHA256

edf809eaed4a362565d99be8085fc7164b338dac1fe5a44daaa65e858cb42368
SHA512

147253e5583dc383c686ecdeffc45f537eece26237825fbefbb50f9e452447059359df38078beadfe02e6fe8c2a1a08561e1c354e4cb783b5c2ef17bf92dd82a
SSDEEP

384:SYjaXN90BkCAJpplLHQWWldv9KjV1Vj4qsPRrOq5HejhqK77Kvgbl5E42T5rmOD+:NGXn02pl7QtlvKZvjxsP0qC+vgbYZ5rU

Score

10^/10

infinitylock evasion ransomware themida

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Future.dll

Resource

win10-20231215-en

infinitylock evasion ransomware themida

windows10-1703-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  Future.dll
- Size
  
  23KB
- MD5
  
  f9fb09aecaf403eb2b46255978559fd7
- SHA1
  
  cd2b838b4afe94c2317c53219a7cb949e5c1ea92
- SHA256
  
  edf809eaed4a362565d99be8085fc7164b338dac1fe5a44daaa65e858cb42368
- SHA512
  
  147253e5583dc383c686ecdeffc45f537eece26237825fbefbb50f9e452447059359df38078beadfe02e6fe8c2a1a08561e1c354e4cb783b5c2ef17bf92dd82a
- SSDEEP
  
  384:SYjaXN90BkCAJpplLHQWWldv9KjV1Vj4qsPRrOq5HejhqK77Kvgbl5E42T5rmOD+:NGXn02pl7QtlvKZvjxsP0qC+vgbYZ5rU
Score

10^/10

infinitylock evasion ransomware themida
- InfinityLock Ransomware
  Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
  ransomware infinitylock
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

infinitylockevasionransomwarethemida

© 2018-2024

Terms | Privacy