General

  • Target

    148705bd22edae7c8cd1ed96ddd298cf49222a6f4057d0cf2e9bc100755db9bc

  • Size

    2.5MB

  • Sample

    240412-xms99adb22

  • MD5

    7129024da28ccee803057e1ce63cb711

  • SHA1

    296962dcc62caf166e54d0984e4d399e01645ae2

  • SHA256

    148705bd22edae7c8cd1ed96ddd298cf49222a6f4057d0cf2e9bc100755db9bc

  • SHA512

    99d8e843b0560a53ae617ebf571526fa32e8ab2cea4b97198f82e08bb5e3309bab84f9a37da130ececcac0f86252e556fddcb6a76856e95a4015cd2851ddf40e

  • SSDEEP

    49152:hxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxL:hxx9NUFkQx753uWuCyyxL

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks