General

  • Target

    Blueberry_External_Updated_Fixed.exe

  • Size

    4.2MB

  • Sample

    240411-kktrsaba2z

  • MD5

    b5709c0c0631f7fe04a80f9c5275cc23

  • SHA1

    a7504068e362d228903ea320d0c2eee4c9edb968

  • SHA256

    25f01407eb4777ac941fc8888c817751e24ee58a9ef3b3f9942ed9cdbf846435

  • SHA512

    ad33caca9b35415cf03af6a7792d0d8203cec97f5e8e1ee1f9618357c8165d2dfc64ae6115a4cd55de31129889281626156121f2831926d5253724f0c6581b9c

  • SSDEEP

    98304:KVxiViMwzAPkNAa5k4ieKPLWXEsXS5T5IS:KGkMwzAPXa5dMPhsXuuS

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks