General

  • Target

    Library.exe

  • Size

    4.1MB

  • Sample

    240406-ac233sfg32

  • MD5

    04ed10d94e5cd607770eecc9aee56105

  • SHA1

    f43752eb19d1359efcc90e8b1e7078594beed40c

  • SHA256

    7da1fb99de280b8baf392e8d5a62026cf709b202bf78cc74652c3f84c90c929f

  • SHA512

    ff770a81822005bd0ff9b901cea3fc25d73daf06dafeaebf75cf2ba38841004fae6f6b102e6b34f215d1df5a647c1a398423ed32179ef1bb28b7562fa6036a27

  • SSDEEP

    98304:+80h5vs4SZWnzJgKSF3UPDV/KQBR8rOI4i1q3:pGVs44WntglyCQwAz

Malware Config

Targets

    • Target

      Library.exe

    • Size

      4.1MB

    • MD5

      04ed10d94e5cd607770eecc9aee56105

    • SHA1

      f43752eb19d1359efcc90e8b1e7078594beed40c

    • SHA256

      7da1fb99de280b8baf392e8d5a62026cf709b202bf78cc74652c3f84c90c929f

    • SHA512

      ff770a81822005bd0ff9b901cea3fc25d73daf06dafeaebf75cf2ba38841004fae6f6b102e6b34f215d1df5a647c1a398423ed32179ef1bb28b7562fa6036a27

    • SSDEEP

      98304:+80h5vs4SZWnzJgKSF3UPDV/KQBR8rOI4i1q3:pGVs44WntglyCQwAz

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks