General

  • Target

    008d1f88e2ac16aadc7635124282b6c7fd785db4fc0e3ba2c59673a036700cb4

  • Size

    2.6MB

  • Sample

    240412-wp49vsce58

  • MD5

    c8c1e2de2c49494df2768a49679dc8ba

  • SHA1

    efb3301cd6869e0b97a3a1bde24e9ad10c4dc6be

  • SHA256

    008d1f88e2ac16aadc7635124282b6c7fd785db4fc0e3ba2c59673a036700cb4

  • SHA512

    0446aa9ecab863403cdbb1e50fe6e83cee7b3cc33344b14048b44c619ff0b053e496f00a3e42a5c7338c8bdb85977d98f80efcc34a19b066239e743f1dbc0656

  • SSDEEP

    49152:tXT+QuXdpYGTzMMBAEi4/XFb30SBPpmdS+my+zu8Gebor3K+cXKBiTLGA:ctKGhBAETX5kSBPpZy5GI6RKBiWA

Malware Config

Targets

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      Looks for the VBOX__ ACPI table keys that VirtualBox exposes to its guests under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT). A match lets the sample change behaviour or exit when it is running in a VM.

    • Modifies AppInit DLL entries

      Writes AppInit_DLLs / LoadAppInit_DLLs under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, which makes user32.dll load the listed DLLs into every new process that loads it (persistence and injection, ATT&CK T1546.010). This loader is disabled by default when Secure Boot is enabled on Windows 8 and later, so the write does not always take effect.

    • Checks BIOS information in registry

      Reads SystemBiosVersion / VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System. The vendor strings there (for example VBOX, VMware or QEMU) reveal virtualised sandboxes, so this read is commonly part of anti-analysis logic.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

      Reads EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; a value of 0 means UAC is off and later privileged actions will not trigger an elevation prompt.
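
The registry-based behaviours in the list above (BIOS read, VirtualBox ACPI check, AppInit_DLLs write, UAC check) can be reproduced from a raw registry-event trace. The following is an added example, not code from the sandbox that produced this report: it scores tab-separated "op, key, value name" event lines (a format assumed for this example) against the standard key paths behind each signature, and keeps reads and writes apart so that merely reading AppInit_DLLs is not reported as a modification. The sample log is constructed here and is not from this sample's trace.

```python
"""Map raw registry events to the behaviour signatures listed in this report.

Added example; it is not code from the sandbox that produced the report.
Assumptions: events arrive as tab-separated "<op>\t<key>\t<value name>"
lines (a format invented for this example), hives are abbreviated HKLM/HKCU,
and the key paths are the standard locations each check uses.
"""
import re
from collections import Counter

READ_OPS = {"RegQueryValue", "RegOpenKey", "RegEnumKey", "RegEnumValue"}
WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue"}

# (signature label, required op class, regex over "key\value").
# The registry is case-insensitive, so every pattern is compiled with re.I.
INDICATORS = [
    ("Checks BIOS information in registry", "read", re.compile(
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
        r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Identifies VirtualBox via ACPI registry values", "read", re.compile(
        r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Modifies AppInit DLL entries", "write", re.compile(
        r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows NT\\CurrentVersion"
        r"\\Windows\\(AppInit_DLLs|LoadAppInit_DLLs)$", re.I)),
    ("Checks whether UAC is enabled", "read", re.compile(
        r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
        r"\\EnableLUA$", re.I)),
]


def parse_event(line):
    """Split one event line into (op, key, value); None for malformed input."""
    parts = line.rstrip("\r\n").split("\t")
    return tuple(parts) if len(parts) == 3 else None


def op_class(op):
    """Reads and writes are scored separately: reading AppInit_DLLs is
    reconnaissance, only a write to it is a modification."""
    if op in READ_OPS:
        return "read"
    if op in WRITE_OPS:
        return "write"
    return None


def match_events(lines):
    """Return (Counter of label -> hits, dict of label -> first matching line)."""
    hits, evidence = Counter(), {}
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue  # skip malformed lines rather than abort mid-log
        op, key, value = event
        cls = op_class(op)
        path = f"{key}\\{value}" if value else key
        for label, wanted_cls, pattern in INDICATORS:
            if cls == wanted_cls and pattern.search(path):
                hits[label] += 1
                evidence.setdefault(label, line)
    return hits, evidence


def fired_signatures(lines):
    """Sorted list of signature labels with at least one hit."""
    hits, _ = match_events(lines)
    return sorted(hits)


# Constructed sample trace for this example; these lines are not from the report.
SAMPLE_EVENTS = [
    ("RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    ("RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    ("RegOpenKey", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", ""),
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"),
    # A read of AppInit_DLLs is not a modification and must not fire that signature.
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "AppInit_DLLs"),
    ("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "AppInit_DLLs"),
    ("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "LoadAppInit_DLLs"),
    # Benign noise that matches nothing.
    ("RegQueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "Shell Folders"),
]
SAMPLE_LOG = "\n".join("\t".join(e) for e in SAMPLE_EVENTS) + "\nmalformed line\n"

if __name__ == "__main__":
    counts, first_seen = match_events(SAMPLE_LOG.splitlines())
    for label, n in counts.most_common():
        print(f"{n:2d}  {label}\n      e.g. {first_seen[label]}")
```

The read/write split is the part worth keeping when adapting this to a real trace: many legitimate installers and diagnostic tools read the BIOS and AppInit keys, so a write to AppInit_DLLs is a much stronger signal than a read, and BIOS or ACPI reads should be weighted as anti-analysis only in combination with the other behaviours on this page.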

MITRE ATT&CK Enterprise v15

Tasks