General

  • Target

    Heist Editor v3.6.rar

  • Size

    6.6MB

  • Sample

    240412-xv9xzagc5s

  • MD5

    02115f779b70da7c77b1192bac9dc925

  • SHA1

    180c377d921d5c9b448307cd5d4dc2963e07ffad

  • SHA256

    bcc08ebcab884234f8548034ff6fa90e3b88e533ca6db9cf667d8631df833abf

  • SHA512

    35224f704ec454a03f2518819f80e988115456e8e5fd4e96d979098084c25cb0e27858b034c4000cdb8b8772b8ec8edbb7f035baa2f5d5ddc9ed0eac5740786b

  • SSDEEP

    98304:xNTJX1QlQFHAGfVvTCQ6NdMAbfwY9QVTChXXNEnGlDSHmvSsoTkrRWwnpYM2yGAd:JX+mcQzAbDQwh9iGmYYwnjq+WHahD

Malware Config

Targets

    • Target

      Heist Editor.exe

    • Size

      7.0MB

    • MD5

      d1e3a56adaa79d6007ca0419d6741f9d

    • SHA1

      7e6aafc30d4757ae79b2425e8b41808640ac08ce

    • SHA256

      78bb4a6ab58b1312238d39e3c7879a60eda2ec5525bb0dbf90f146b13611d34a

    • SHA512

      822b271ef7395c1da3c30bd0e54cf222b19f6a1f388a720b517691d48af04867da0a63198e2a64daa124fae166749581af9f09484b3434ed4a35b3328fc6f83a

    • SSDEEP

      196608:ujsaC6A7BcA9CGKm2SAg7hqD2y2TuNM5tyGHNHg:bl6A9cA402SAgQSWMrxHG

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables whose OEM ID is VBOX, so the guest registry carries keys such as HKLM\HARDWARE\ACPI\DSDT\VBOX__ (also under FADT and RSDT); reading them is a common virtual-machine check.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; a value of 0 means UAC is disabled.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.
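
The four behavioural signatures above (ACPI/VirtualBox keys, BIOS strings, EnableLUA, ThreadHideFromDebugger) can be reproduced offline as simple rules over a sandbox's API/registry event trace. The script below is an added example for this report, not the sandbox's own rule set or code from the sample; the "api|target" event format and the event lines are constructed for illustration, and the Themida signature is a static packer match that this behavioural triage does not cover.

```python
import re

# Constructed sandbox event log in a simple "api|target" form. These lines are
# illustrative, not output from the sandbox that produced the report above.
SAMPLE_EVENTS = r"""
RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegOpenKeyExW|HKLM\HARDWARE\ACPI\FADT\VBOX__
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
NtSetInformationThread|ThreadInformationClass=0x11
RegOpenKeyExW|HKCU\Software\Classes
"""

# Registry-path patterns for the three registry-based signatures in the report.
REGISTRY_SIGNATURES = {
    # VirtualBox guests expose ACPI tables whose OEM ID is "VBOX", so Windows
    # creates HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__ on boot.
    "Identifies VirtualBox via ACPI registry values":
        re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    # Firmware strings; hypervisors and sandboxes often leave vendor names here.
    "Checks BIOS information in registry":
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                   r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)", re.I),
    # EnableLUA == 0 means UAC is off.
    "Checks whether UAC is enabled":
        re.compile(r"\\Policies\\System\\EnableLUA$", re.I),
}

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger
HIDE_SIGNATURE = "Suspicious use of NtSetInformationThreadHideFromDebugger"


def parse_event(line):
    """Split 'api|target' into (api, target); None for blank or malformed lines."""
    line = line.strip()
    if not line or "|" not in line:
        return None
    api, target = line.split("|", 1)
    return api.strip(), target.strip()


def hides_from_debugger(api, target):
    """True when the call is NtSetInformationThread(..., ThreadHideFromDebugger, ...)."""
    if api != "NtSetInformationThread":
        return False
    m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", target)
    # int(x, 0) accepts both the hex (0x11) and decimal (17) spellings.
    return bool(m) and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER


def triage(event_text):
    """Return {signature name: [evidence, ...]} for every signature that fired."""
    hits = {}
    for line in event_text.splitlines():
        parsed = parse_event(line)
        if parsed is None:
            continue
        api, target = parsed
        for name, pattern in REGISTRY_SIGNATURES.items():
            if pattern.search(target):
                hits.setdefault(name, []).append(target)
        if hides_from_debugger(api, target):
            hits.setdefault(HIDE_SIGNATURE, []).append(target)
    return hits


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

Running it on the constructed trace fires all four signatures and ignores the unrelated HKCU\Software\Classes access; on a real trace you would feed it the sandbox's registry and native-API events in whatever format that tool exports, adjusting only parse_event.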

MITRE ATT&CK Enterprise v15

Tasks