Overview

overview

9

Static

static

3

Heaven2 Pa...er.exe

windows7-x64

9

Heaven2 Pa...er.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a9a9b261969c325586470d299df5d81

  • Size

    1.5MB

  • Sample

    240214-dplhmsgg35

  • MD5

    9a9a9b261969c325586470d299df5d81

  • SHA1

    4bd10ebc86bdae331755fa8c30572254a8c8e0ac

  • SHA256

    e1be459ee2cd8094ede6d65d551876609d0f01d65d4f82786fe47ff555c2876e

  • SHA512

    08232f3cf662c8a83b4863a8221de95cd7d7821a0d52921b3e1b85ed30bb2bbde4c3f575464ae725c5d2543a39ac944eafe934540cb1caf4eef3084f1564448d

  • SSDEEP

    49152:dRnuLJsQ6bFUyNeO73NzbKRhKFKVkgjy1Vf:/wt6BJBhKR8U7mv

Score
9/10
evasion

Malware Config

Targets

    • Target

      Heaven2 Patcher/patcher.exe

    • Size

      1.6MB

    • MD5

      df2ec1b95eaec1c69d79a756e1427e70

    • SHA1

      ea84d1e1b3bc170e7ecde699bb77066e1d7ab9e0

    • SHA256

      17230610685da62d4548c312ce8784b3e0acb757ea634ff713d6418e4f2ea6f3

    • SHA512

      549dbc7347c7581dc414acb3563db5cf89c15492ec1345eda89f17863ce67d01af569c510a47177d3aef9c0be8a9c504c978023cef0411f69a518ddbd575458d

    • SSDEEP

      49152:UjXtl2GytURCf/5T9TGWO5NAA38wE3UGQqe:UjXt8hbO5NA6uJQL

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks