General

  • Target: CUM.exe
  • Size: 3.8MB
  • Sample: 240404-wnr8xaec8s
  • MD5: 87352a1c674642f0469d6027d8773324
  • SHA1: bcf151a5631cbb1d0af8b27c24468b800d811b59
  • SHA256: 1a2ed40db1deada2550b15dbaf06ab0e59c3d14b675898cbfe14a5e59fc43f84
  • SHA512: 2962d030e04e7a62eae2d1fd6ad04de3bc8ee9ff8a9ed3757a676d03b1bc41bf33498f99cedeaaeed6d85eba6265fbb12884b3acfbb36fef3bcf8380b4eba339
  • SSDEEP: 98304:rHXIa+/DnrjJqvPWuuwTxlCpMxWXzFptVmel5:rF+/jrjMWwTxMpMIpbVmO5

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks