General
- Target: MonsterSpoofer-NoUI.exe
- Size: 6.8MB
- Sample: 240409-sawgmadd5v
- MD5: bb9c47155d8e48dedddbc88619f8bd9f
- SHA1: e38ad9003ebc32569edd82baea5c874c1f9df145
- SHA256: ffb8ae5690f779d76a84c8700634ef212afa1096b1bf72bc9d57a0126d3cae7c
- SHA512: 661e56fcee2947351e4d4726aaa738f24ee76ad5514b1b7f589b03cc7a374676767d8e4178450c4e86b872890f07e84456ab3b8e3a92dc11a2e237af2de6bb6d
- SSDEEP: 196608:CQgZYRoUPQwJHKhL/9bxOoyZEX0B5J/URbp1lnA/L6BZ9k:CQgZhUfJHKvbxvtEBjUdlmLuK
Malware Config
Targets
- Target: MonsterSpoofer-NoUI.exe (6.8MB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General above)
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger