General

  • Target

    MW3_Unlocker.exe

  • Size

    6.8MB

  • Sample

    240411-yx9knabh23

  • MD5

    48bc3d96299415b27b9e0729e7d1a2cc

  • SHA1

    97cfe1359eea93442803ca6433f7f4ae2911539f

  • SHA256

    4ac3e5f718c595936378e46fd4ba8c7ba310ff70a95fc06fc1a542ef7ca131e9

  • SHA512

    e162cc12c810c97057627f6a0803ee6b6ef56bd503389dfafc528b688982ff85c3ad1afcdb0bdaf7f4fa64266faae13bc4cd4b19786afde0d53b2ee9cd8f290e

  • SSDEEP

    98304:YRz+EgEa8mPm6X9tutcuDtZv20Y92VcDwwOtNN/ZDxmY6dNlQTsW6BprECXh4KFF:kDuPm6rIDK0YIt/ZLONy4poyeygZCWPa

Targets

    • Target

      MW3_Unlocker.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox publishes its ACPI OEM ID as subkey names under HKLM\HARDWARE\ACPI (for example DSDT\VBOX__). Any process can read these keys without elevation, so checking them is a cheap way to refuse to run inside a VirtualBox sandbox.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

      Typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which tells the sample whether an elevation prompt would be shown.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      A thread created through NtCreateThreadEx with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag (0x4) delivers no debug events to an attached debugger. Legitimate software rarely needs this; protectors use it to break breakpoints and stepping.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from the debugger's event stream. This is a standard anti-debugging technique and consistent with the Themida detection above.

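The report lists three registry-based environment checks (ACPI tables, BIOS description, UAC state) but not the strings the sample compares against. The script below is an added example, not code from the report or from the sample: it enumerates the same registry locations on the analysis host so an analyst can see which VirtualBox/BIOS artifacts a sandbox exposes before detonating the sample again. The indicator list and the set of value names inspected are assumptions based on well-known VirtualBox and hypervisor registry artifacts, not on anything the report states.

```powershell
# Added example (not part of the Triage report). Enumerates the registry data the
# report says MW3_Unlocker.exe reads: ACPI table keys, BIOS description values and
# the UAC EnableLUA flag. Run in an elevated or non-elevated PowerShell on the
# sandbox VM; all keys read here are world-readable.

# ASSUMPTION: the sample's exact match strings are unknown; these are common
# hypervisor vendor strings found in ACPI OEM IDs and SMBIOS fields.
$Indicators = @('VBOX', 'VIRTUALBOX', 'INNOTEK', 'VMWARE', 'QEMU', 'BOCHS', 'XEN')

function Test-Indicator {
    param([string]$Value)
    if ([string]::IsNullOrEmpty($Value)) { return $false }
    $upper = $Value.ToUpperInvariant()
    foreach ($needle in $Indicators) {
        if ($upper.Contains($needle)) { return $true }
    }
    return $false
}

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Check, [string]$Location, [string]$Value)
    $findings.Add([pscustomobject]@{ Check = $Check; Location = $Location; Value = $Value })
}

# 1. ACPI tables: VirtualBox exposes its OEM ID as a subkey name, e.g.
#    HKLM\HARDWARE\ACPI\DSDT\VBOX__\VBOXBIOS. Walk each table key recursively
#    and flag any subkey whose name matches an indicator.
foreach ($table in 'DSDT', 'FADT', 'RSDT', 'SSDT') {
    $key = "HKLM:\HARDWARE\ACPI\$table"
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        if (Test-Indicator $_.PSChildName) {
            Add-Finding -Check 'ACPI' -Location $_.Name -Value $_.PSChildName
        }
    }
}

# 2. SMBIOS-derived BIOS description values (REG_SZ).
$biosKey = 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'
foreach ($name in 'SystemManufacturer', 'SystemProductName', 'BIOSVendor',
                  'BIOSVersion', 'BaseBoardManufacturer', 'BaseBoardProduct') {
    $value = (Get-ItemProperty -Path $biosKey -Name $name -ErrorAction SilentlyContinue).$name
    if (Test-Indicator $value) {
        Add-Finding -Check 'BIOS' -Location "$biosKey\$name" -Value $value
    }
}

# 3. Legacy BIOS version strings (REG_MULTI_SZ), e.g. "VBOX   - 1".
$sysKey = 'HKLM:\HARDWARE\DESCRIPTION\System'
foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion') {
    $value = (Get-ItemProperty -Path $sysKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -ne $value) {
        $joined = ($value -join ' ')
        if (Test-Indicator $joined) {
            Add-Finding -Check 'BIOS' -Location "$sysKey\$name" -Value $joined
        }
    }
}

# 4. UAC state. EnableLUA = 1 means UAC is on; the sample's behaviour may differ
#    depending on whether an elevation prompt would appear.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$enableLua = (Get-ItemProperty -Path $uacKey -Name 'EnableLUA' -ErrorAction SilentlyContinue).EnableLUA
Add-Finding -Check 'UAC' -Location "$uacKey\EnableLUA" -Value "$enableLua"

# Report. Any ACPI/BIOS hit is an artifact the sample can use to detect the VM.
$findings | Format-Table -AutoSize
$vmHits = @($findings | Where-Object { $_.Check -ne 'UAC' })
if ($vmHits.Count -gt 0) {
    Write-Warning "$($vmHits.Count) hypervisor artifact(s) readable from the registry; the sample can fingerprint this host."
} else {
    Write-Host 'No hypervisor strings found in the inspected ACPI/BIOS registry values.'
}
```

Any ACPI or BIOS hit is a value the sample could have read through the same registry paths the report flags. Clearing or spoofing those values on the sandbox (for example by setting custom DMI strings in the VM configuration) is what removes the artifact; the registry keys themselves are populated from firmware at boot and should not be edited directly.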