General
Target: CUM.exe
Size: 3.8MB
Sample: 240404-wnr8xaec8s
MD5: 87352a1c674642f0469d6027d8773324
SHA1: bcf151a5631cbb1d0af8b27c24468b800d811b59
SHA256: 1a2ed40db1deada2550b15dbaf06ab0e59c3d14b675898cbfe14a5e59fc43f84
SHA512: 2962d030e04e7a62eae2d1fd6ad04de3bc8ee9ff8a9ed3757a676d03b1bc41bf33498f99cedeaaeed6d85eba6265fbb12884b3acfbb36fef3bcf8380b4eba339
SSDEEP: 98304:rHXIa+/DnrjJqvPWuuwTxlCpMxWXzFptVmel5:rF+/jrjMWwTxMpMIpbVmO5
Behavioral task: behavioral1
Sample: CUM.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: CUM.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: CUM.exe
Score: 9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Sets service image path in registry
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger