General

  • Target

    h8dn5r

  • Size

    15KB

  • Sample

    240219-vljnbahe44

  • MD5

    52e43805e32cc39223d842c5ccf1614e

  • SHA1

    b6e79a57fbb350006fb2a57b569890fdef23d2ee

  • SHA256

    bbac5731a62721324c168256d0c44273afaa8376eb206c76cdb9aaa4ba76a3ae

  • SHA512

    a575333ad0b3959835dbd936327560e7b8b14f1e0f29fc4cc47e51afc447e8343d70b7e05eac2aa189a1299977e3efc6a042f89e912724ff0ee97dfe9512a52a

  • SSDEEP

    384:PVieLZdPEISARyiWXTCdXCpuSvg5ZVE1S+IQ/Eq0Ohr+l:YeLZdPEIYlCPSvg5XEchkgOhql

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks