General

  • Target

    SandboxHooking_protected.exe

  • Size

    57.8MB

  • Sample

    240412-yme83adf46

  • MD5

    ba6b086ff3a9ef8b33bdd6ab1db4caf2

  • SHA1

    1800619def472b3ab4fcd2537e9bca6e814e71b8

  • SHA256

    f95f04b1432babfb6e580f6c4e9884fbd91b593c4a66959dd0f2f063307f6f94

  • SHA512

    6cf8f593336c587575294162ee8088618bf8de11cc7446e809c09b769a27702bb131c7b479eb1ccefac41de606c4c43f25e12914defabc35ecb04dbc516d1640

  • SSDEEP

    786432:YUnwp4R+GCMFfk07Lcs/zaDyGWM0+ToUwFbB+TUXxJr:Pe8T7Q06TUf

Targets

    • Target

      SandboxHooking_protected.exe

    • Size

      57.8MB

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
