1485d1fbf81653d5e89778ebb6f8eba653db2e3e11b8263f42a87c32567c7e89

General

Target

hahahahahahahahahahahahah_1.rar
Size

4.2MB
Sample

240212-y31vpsbe6x
MD5

2a0183c14e0a9362fa895121e798208e
SHA1

63705f11da0859450edccb4771be8cad204c1557
SHA256

1485d1fbf81653d5e89778ebb6f8eba653db2e3e11b8263f42a87c32567c7e89
SHA512

e226bb5ba7630d838cfc6fd0425706b067c9696e929f304e718e8fc663e81550a8536e781eaece50ae6057f9417fc9b1195ef4bb6a88651f768ab20776b1300f
SSDEEP

98304:F8x2NZi33Y0d9Yc/kTUgiyGf8jtZNo/9NWJLyrNEXcVn6r22Dsw:w2a3tvqGf8JZg90JLwfVn3g

Score

9^/10

Malware Config

Targets

- Target
  
  hahahahahahahahahahahahah/cheeto.exe
- Size
  
  4.0MB
- MD5
  
  d8a87de9f5f0a65be7aca6a2fad43850
- SHA1
  
  7dedd4726434e83118cce9bed022a9b69b2e3597
- SHA256
  
  a38bae826b70c938950a3686070282a22d8cceedb47374b4eeeaa45b2443d1c6
- SHA512
  
  f3b00b4c08d6690c38557746a873e7185be53fb18f8b6cff78e157b9090a4fe86e8428229d36f88e513c8b5139957486f198ff1b21b81c8311bc0fab46e1dd22
- SSDEEP
  
  98304:4vYC9j4fMjwI9P8FgQnPvmb/9M+bshSqZORpkcNZfGafu:4w9fMvEF5nWq+wh2k+s2u
Score

9^/10

evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  hahahahahahahahahahahahah/login.exe
- Size
  
  429KB
- MD5
  
  b88444cf2c03ce4efe2a1608a379ee53
- SHA1
  
  68d9285ee72288656c258cf9db9c564226a48ddb
- SHA256
  
  d70e292a21ebc5ca1675ca585bcae52a51aad4bcee9bbbaf44b0a2cc635b64c7
- SHA512
  
  7c9e116a417f2a15d2ca3f70b61697c9e34b6131b12221032cde9d64c41993f6f8cfa34196ed99122aa34d59159955d6362827f0d4eee1688bce465539e8d633
- SSDEEP
  
  12288:Zt5NpMGK6Ia5Jr4IQAvq3eSKXvVZhuwxHvh:Zt5NGGzIo3QSqOS+VZhT
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2