General

  • Target

    Origin Spoofer.exe

  • Size

    5.9MB

  • Sample

    240409-t1q59sfg4z

  • MD5

    23b9965c9fce686675f192a4797a11ea

  • SHA1

    54a5aed0c51b6c982baec46e6e340e2c2668f746

  • SHA256

    bf9b5cb372635440e959c22ca0dbdb817c8790bd44c87cdc97dd053b592cb4df

  • SHA512

    c42fc0f8bb2240f2ca42bd2f374a963ddfc091c4ad09ebef802a2a5c6f2ce9ebf84d08d6e6e809e0f1a4fe6c12c8f587d41a6457e3b4a81d7feedde3427e16f7

  • SSDEEP

    98304:gJDqy911KEyyccqUosaCQ4RLKvhYGGOJ4vxnpX8pvIfqDfVvALTLV4h0Z9X1+w5Z:gJOy91rfaUoEQGOUxmRZv6Xm0Pl+w5nZ

Malware Config

Targets

    • Target

      Origin Spoofer.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox exposes its OEM ID (VBOX__) in the ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT); reading those keys is a common virtual-machine check.

    • Checks BIOS information in registry

      BIOS information (HKLM\HARDWARE\DESCRIPTION\System\BIOS and the SystemBiosVersion/VideoBiosVersion values) is often read in order to detect sandboxing environments, since hypervisor firmware strings identify the vendor.

    • Themida packer

      Detects Themida, an advanced Windows software protection system. Themida-protected binaries are encrypted and virtualized on disk, so static analysis sees only the protector stub.

    • Checks whether UAC is enabled

      Typically a read of EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; a value of 0 means UAC is disabled.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with ThreadHideFromDebugger (0x11) stops the thread from sending debug events to an attached debugger, a common anti-debugging trick.
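The dynamic signatures above (ACPI/VBOX__ reads, BIOS registry reads, the EnableLUA check, NtSetInformationThread with class 0x11) are all things a sandbox derives from an API/registry trace. The script below is an added example, not part of the report and not the sandbox's own rule set: it runs a small set of rules modelled on those four verdicts over a constructed trace. The trace lines, the regexes and the ATT&CK mapping (T1497.001, T1012, T1622) are this example's own assumptions; the Themida signature is a static check and has no trace rule here.

```python
import re
from collections import defaultdict

# Rules modelled on the report's dynamic signatures. The patterns and the
# ATT&CK IDs are this example's assumptions, not the sandbox's rule set.
# Each rule: (signature name, regex over "api target", ATT&CK technique).
RULES = [
    # VirtualBox leaves its OEM ID "VBOX__" under the ACPI table keys
    # (DSDT / FADT / RSDT); opening those keys is a VM check.
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
     "T1497.001"),
    # Firmware strings (manufacturer, product, BIOS vendor/version) expose
    # hypervisor and sandbox builds.
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)", re.I),
     "T1012"),
    # EnableLUA = 0 means UAC is switched off.
    ("Checks whether UAC is enabled",
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
     "T1012"),
    # ThreadInformationClass 0x11 is ThreadHideFromDebugger.
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     re.compile(r"^NtSetInformationThread\b.*\b(ThreadHideFromDebugger|0x11)\b", re.I),
     "T1622"),
]

# Constructed trace in (api, target) form, standing in for a sandbox's
# registry/API log. Not taken from the report; the last line is benign noise.
SAMPLE_TRACE = [
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\FADT\VBOX__"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    ("NtSetInformationThread", "ThreadInformationClass=0x11"),
    ("RegQueryValueExW", r"HKCU\Software\Classes\Local Settings\MuiCache"),
]


def match_signatures(trace):
    """Return {signature name: [matching targets]} for an (api, target) trace."""
    hits = defaultdict(list)
    for api, target in trace:
        line = f"{api} {target}"
        for name, pattern, _attack in RULES:
            if pattern.search(line):
                hits[name].append(target)
    return dict(hits)


def summarize(trace):
    """Return ([(name, attack_id, hit_count)] in rule order, evasive_flag).

    The flag is set when either a VM check or a debugger check fired, i.e.
    the sample is actively probing its analysis environment.
    """
    hits = match_signatures(trace)
    rows = [(name, attack, len(hits[name]))
            for name, _pattern, attack in RULES if name in hits]
    techniques = {attack for _name, attack, _count in rows}
    evasive = bool(techniques & {"T1497.001", "T1622"})
    return rows, evasive


if __name__ == "__main__":
    rows, evasive = summarize(SAMPLE_TRACE)
    for name, attack, count in rows:
        print(f"{attack:<10} {count:>2}x  {name}")
    print("verdict:", "evasive" if evasive else "no evasion seen")
```

Feeding a real sandbox export in the same (api, target) shape is the intended use; a trace that hits the ACPI or thread rules but none of the BIOS/UAC ones is still flagged, since either VM or debugger probing alone is enough to distrust the rest of the run.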

MITRE ATT&CK Enterprise v15

Tasks