General

  • Target

    Build.exe

  • Size

    11.9MB

  • Sample

    240302-vvtvmsfc9v

  • MD5

    2fbf75fbac01d42161fdeb6adbd0d979

  • SHA1

    3ef5530a433923276191eec8d98aa462194aa829

  • SHA256

    8eeda0849b8bffc5d26ee56f02162f2e75e4271c4257c309197f3645fac47c03

  • SHA512

    1c208f3a5202c578e6f70474566f0929954b5678215ad962f84a7febee1b9c7a0a1cc3040763192a3ed9ebdf395bd9aa113ee313bf6f951973a717fec423472d

  • SSDEEP

    196608:AFH/xtSYJodEawY/7HPjloM1LiUIX099RYU9ptAzvZaZoM2S5HQoFKArPWug0Vg:AFfxtjJ/an7HPZ12TE99R3zmhbShKArI

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Creates new service(s)

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks