General

  • Target

    Setup.exe

  • Size

    5.3MB

  • Sample

    240411-ye5hzsee3x

  • MD5

    f8842eb19e08fabccc6b44e3d486f421

  • SHA1

    b385bfa4fc281209226573e5ff30cb054ef8fded

  • SHA256

    52bc27b219b3048e1dadf4f673281ced218a0ff023bea21f9d4fd09156bdf24d

  • SHA512

    ec1aa745908a98b65e36213ece61fe0d488196e2a3135cee8937f3e3c7d6268ad040fff81b9ad961325e41012654bb5c41ffc92c95b9068bf0c9b44a2f86ca01

  • SSDEEP

    98304:hLvMDe7SkB8nRHA3UYazCf/NH9ahq/yVlhs4VfSJXtHpivPrYGNgR2:hLvMOSkmnR+dazCf/NdyZNrqnePrfNgw

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks