General

  • Target

    client_64bit_3516.exe

  • Size

    3.8MB

  • Sample

    240412-tv7aasfb2x

  • MD5

    b71c06fb816b70d4a289e857319ea898

  • SHA1

    5992b0ad9bb83432a0db281f01d4f8ea4d901f6d

  • SHA256

    80a7a0817f3ae2a97880a97074b62a3e90f1066ae51d76d5c709d7bd2dba0675

  • SHA512

    5f6ad57e4977ee25b4a9a86d27bd8bf23cab1e00bb56ea283a45d387c4eb3706518234a96a3dbd403e69d74bf439db13ea86a86b44db5ec8ebb2ddea173e62b0

  • SSDEEP

    98304:RT/RopJuXLGU293L6umGz9dNVpbgbB9jgig5TISD/rb6hABlD61D:RTapJuXLG16upRdNgdixzHj61D

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks