General

  • Target

    MW3_Unlocker (1).exe

  • Size

    6.1MB

  • Sample

    240409-fx2kyaba6w

  • MD5

    440f3b905dfd499af206124d0375a00a

  • SHA1

    c9deca63f45589c0428dcc50fb14a933a4dc13ca

  • SHA256

    d26efbd37d69e8efeabb7f8f02468f92ee929567858c52e61449e7b75aee990c

  • SHA512

    4eae521d741876d3a88be71e7d8d1f674a1c568979405062416b9a4a0f311d9f520ed61ee57935e8c542dd4be4a976f273bf7e2f4aba56005aaf84b49338c052

  • SSDEEP

    98304:WMVjn3kaShebmkEBch4fHp5EKn5qsH8wojSHSl+fc0p7I48dsi3XkMf2:h3WcmkEgiHp5EK5qsEoK/0plIswF2

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger
