Resubmissions

  • 11/04/2024, 15:29: 240411-swytwahe6s, score 10

  • 09/04/2024, 08:07: 240409-j1fpesde6x, score 10

General

  • Target

    c067cf39d43b39a560eca901609bc4d403f53f565d22370a0e9458b4e91a6824

  • Size

    7.2MB

  • Sample

    240411-swytwahe6s

  • MD5

    e22f713ca51e6ac129ed8dab1bedb8a6

  • SHA1

    61280be1fa0cee8c8148bdd167eb7176bb1df1b8

  • SHA256

    c067cf39d43b39a560eca901609bc4d403f53f565d22370a0e9458b4e91a6824

  • SHA512

    345bee45708ba133449dd8567ff41e9dfda48c6de4efa41d0c7c8e874767d39266ca7d5ee51e39e91eb19361d1f27b1b5a274576ea424cc6b89bcc517ab55636

  • SSDEEP

    98304:IXdmLy0iwoX1QhDopTnV+2cn0z3WKsq+iUdFW+1PI5zXlA6+V3Vloy8vbJ:KS8tX1QhkpTnV+2cn0zGKh+ia+hXlf9

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks