General

  • Target

    Heist Editor_[unknowncheats.me]_.exe

  • Size

    7.8MB

  • Sample

    240412-xpjtlagb51

  • MD5

    30b4ce2db1eb3d0e3cd3123f06b9e94a

  • SHA1

    a5c67c2249af0f724af4ca56d993e0b13d09b056

  • SHA256

    86d1af07dc4a0e2b9e146482d34ba630145ce1cb6636eb0df6881ddf63483e45

  • SHA512

    7c0765b4adf89cbdc2718620d97065410cde05a553d01c66fe6315667e363cea01ea6c903efb32fe66317cab742180f4995fb6b094bdb04a045f8059e643d9aa

  • SSDEEP

    98304:T2nqXLxpfmSEjsUSzMeoWQQtWJmftckaojKs5+/MV895W1tnNbBdn5CLSHYsLrZU:aK6/leJQSxaojKb/i1tnnySHYEtxq

Malware Config

Targets

    • Target

      Heist Editor_[unknowncheats.me]_.exe


    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger class stops debug events for the calling thread from reaching an attached debugger, a common anti-debugging technique.
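A way to reproduce the behavioural signatures above against an API trace, as an added example that is not part of this report or of the sandbox's own signature engine. The trace format ("<pid> <api> <argument>"), the process id and the event lines are constructed for illustration; the registry paths are the well-known keys these checks read (the VirtualBox ACPI tables under HKLM\HARDWARE\ACPI, SystemBiosVersion/VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System, EnableLUA under the UAC policy key) and 0x11 is the ThreadHideFromDebugger information class. The Themida signature is a static check on the PE and is not covered here.

```python
import re

# Constructed API-trace excerpt in a hypothetical "<pid> <api> <argument>" format
# (not output of any real sandbox). The registry paths are the real keys the
# signatures on this page key on; the pid and the benign lines are made up.
SAMPLE_TRACE = [
    r"2408 RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"2408 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"2408 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"2408 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
    r"2408 NtSetInformationThread ThreadInformationClass=0x11",
    r"2408 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
    r"2408 CreateFileW C:\Users\user\Desktop\notes.txt",
]

# Each rule: (signature name as shown in the report, regex over "<api> <argument>").
# "\\" in the regex is a literal backslash in the registry path.
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"^Reg\w+ HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^Reg\w+ HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Checks whether UAC is enabled",
     re.compile(r"^Reg\w+ HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
                r"Policies\\System\\EnableLUA$", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     # ThreadHideFromDebugger is THREADINFOCLASS 0x11 (17)
     re.compile(r"^NtSetInformationThread ThreadInformationClass=(0x11|17)$", re.I)),
]


def scan(trace):
    """Return {signature name: [event lines that matched]} for every rule that fired."""
    hits = {}
    for line in trace:
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue  # malformed event, ignore rather than crash the scan
        _pid, api, arg = parts
        event = f"{api} {arg}"
        for name, pattern in RULES:
            if pattern.search(event):
                hits.setdefault(name, []).append(line)
    return hits


def triggered(trace):
    """Signature names in rule order, so a report built from this is stable."""
    hits = scan(trace)
    return [name for name, _ in RULES if name in hits]


if __name__ == "__main__":
    for name, lines in scan(SAMPLE_TRACE).items():
        print(name)
        for evidence in lines:
            print("   ", evidence)
```

Reading these keys is evidence, not proof: installers, licensing code and hardware inventory tools query the same BIOS and UAC values, so one hit alone is weak. What raises confidence in this report is the combination: VirtualBox-specific ACPI tables plus BIOS strings plus a hide-from-debugger call inside a Themida-packed binary.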

MITRE ATT&CK Enterprise v15

Tasks