General
Target: Heist Editor v3.6.rar
Size: 6.6MB
Sample: 240412-xv9xzagc5s
MD5: 02115f779b70da7c77b1192bac9dc925
SHA1: 180c377d921d5c9b448307cd5d4dc2963e07ffad
SHA256: bcc08ebcab884234f8548034ff6fa90e3b88e533ca6db9cf667d8631df833abf
SHA512: 35224f704ec454a03f2518819f80e988115456e8e5fd4e96d979098084c25cb0e27858b034c4000cdb8b8772b8ec8edbb7f035baa2f5d5ddc9ed0eac5740786b
SSDEEP: 98304:xNTJX1QlQFHAGfVvTCQ6NdMAbfwY9QVTChXXNEnGlDSHmvSsoTkrRWwnpYM2yGAd:JX+mcQzAbDQwh9iGmYYwnjq+WHahD
Malware Config

Targets
Target: Heist Editor.exe
Size: 7.0MB
MD5: d1e3a56adaa79d6007ca0419d6741f9d
SHA1: 7e6aafc30d4757ae79b2425e8b41808640ac08ce
SHA256: 78bb4a6ab58b1312238d39e3c7879a60eda2ec5525bb0dbf90f146b13611d34a
SHA512: 822b271ef7395c1da3c30bd0e54cf222b19f6a1f388a720b517691d48af04867da0a63198e2a64daa124fae166749581af9f09484b3434ed4a35b3328fc6f83a
SSDEEP: 196608:ujsaC6A7BcA9CGKm2SAg7hqD2y2TuNM5tyGHNHg:bl6A9cA402SAgQSWMrxHG

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger