General

  • Target

    MonsterSpoofer-NoUI.exe

  • Size

    6.8MB

  • Sample

    240409-sawgmadd5v

  • MD5

    bb9c47155d8e48dedddbc88619f8bd9f

  • SHA1

    e38ad9003ebc32569edd82baea5c874c1f9df145

  • SHA256

    ffb8ae5690f779d76a84c8700634ef212afa1096b1bf72bc9d57a0126d3cae7c

  • SHA512

    661e56fcee2947351e4d4726aaa738f24ee76ad5514b1b7f589b03cc7a374676767d8e4178450c4e86b872890f07e84456ab3b8e3a92dc11a2e237af2de6bb6d

  • SSDEEP

    196608:CQgZYRoUPQwJHKhL/9bxOoyZEX0B5J/URbp1lnA/L6BZ9k:CQgZhUfJHKvbxvtEBjUdlmLuK

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks