General

  • Target

    DZKJ-1.0.0.52.exe

  • Size

    14.8MB

  • Sample

    240221-r4nhfahh57

  • MD5

    7d94503119588f1e769d1a871a949969

  • SHA1

    d31a2fcb9fa635b7ca9cda8b6a239815a6645dcd

  • SHA256

    dcb378e8645acb7a8c2be0f51f9c9c125044659a73390d524accb96772f79a16

  • SHA512

    cc1b52450d9623d6766320cc80346fe6e8e00f669b2a3f7fd8ab95e5c610803d66457e886e62dff371421982dd21c259159eb5a0907c94562f018e816e3dd95f

  • SSDEEP

    196608:WgA3UoPtKLBSIkMmf5XPmImn/2gpi08QukGZl9lEL38NlxgjewYk1jrMX+5j6txW:pAkolIBShMwu+2ukmoKlxgjewXmxB35m

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger