General

  • Target

    Installer_patched.exe

  • Size

    18.9MB

  • Sample

    240306-twdpdacd42

  • MD5

    2a189d9f7f70aa04cc814a207cf4ab82

  • SHA1

    087f724eff0d1100541cf5fcc29f8180731f5ed7

  • SHA256

    567b68b4686c9e40bb50a9697cf2393c0219f4873764efbb01a2a9b2d65f0bc5

  • SHA512

    5016f7f1359303dec3f469de1ad249f2b16a294fe0d6b08f3068a720518165d5809191f3158c8529ccee78fe7d1561608ec8c062dd19b0f78360dc8182274ddd

  • SSDEEP

    196608:B9GeDVI5DKBWZlkgJedYs6LtYdEhqTgKDV:BkYVI5DK2NNs6LtYdEhSpZ

Malware Config

Targets

    • Target

      Installer_patched.exe

    • Size

      18.9MB

    • MD5

      2a189d9f7f70aa04cc814a207cf4ab82

    • SHA1

      087f724eff0d1100541cf5fcc29f8180731f5ed7

    • SHA256

      567b68b4686c9e40bb50a9697cf2393c0219f4873764efbb01a2a9b2d65f0bc5

    • SHA512

      5016f7f1359303dec3f469de1ad249f2b16a294fe0d6b08f3068a720518165d5809191f3158c8529ccee78fe7d1561608ec8c062dd19b0f78360dc8182274ddd

    • SSDEEP

      196608:B9GeDVI5DKBWZlkgJedYs6LtYdEhqTgKDV:BkYVI5DK2NNs6LtYdEhSpZ

    • Jupyter, SolarMarker

      Jupyter is a backdoor and infostealer first seen in mid 2020.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks