General

  • Target

    a63e64ff30dfde0046f140339cbbfe06084a79862e075ecfd38d3a7339e1924a

  • Size

    2.4MB

  • Sample

    240413-aq4h3abf6x

  • MD5

    7635d83d86369cb2c64fb7483ad34a83

  • SHA1

    7d0dedc0fffed4e90b86cfb321d907422aa88703

  • SHA256

    a63e64ff30dfde0046f140339cbbfe06084a79862e075ecfd38d3a7339e1924a

  • SHA512

    981dc1be2d2b53b6aa851d66f51a3e486b2321e8a06a622e9abaffdff9dcf49ad1a82ae613218edc3fe51c6321f66b6bf8090a92d13f0710962476c97e7dcb7b

  • SSDEEP

    49152:L3KoBQxG9i9w4QclMHG/m9FBiC1y/uUNxff0vhtAFE9P/qX/Sk:L3KkQMcNQlHG/oF8aUz0vnx9g

Targets

    • Themida packer

      Detects executables packed with Themida, an advanced Windows software protection system. The packer hides the real code until runtime, so static analysis should start from a memory dump taken after the sample has unpacked itself.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}; reading those keys is a common check for a virtualised analysis environment.

    • Modifies AppInit DLL entries

      AppInit_DLLs (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, and the Wow6432Node mirror for 32-bit processes) lists DLLs that user32.dll loads into every process linking it, a long-standing persistence and injection technique. The report does not record the value written.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

      The sample writes an executable to disk and runs it; the dropped file is a second artefact to hash and analyse.

    • Checks whether UAC is enabled

      Typically done by reading EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; malware uses the result to decide whether an elevation bypass is needed.
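The behaviours above map to a handful of well-known registry locations. The following Python is an added example, not part of the sandbox report or the sample: it parses a Windows registry export (.reg text) and flags the indicators a responder would hunt for on a host that ran this sample (AppInit_DLLs persistence, UAC disabled) together with the VirtualBox artefacts the sample's anti-VM checks look for, which a sandbox operator may want to mask. The key paths are the standard Windows locations; the export text is constructed for the example.

```python
"""Triage a Windows .reg export for the indicators listed in the sandbox report.

Added example: key paths are the standard Windows locations, the sample
registry export below is constructed, nothing here comes from the analysed file.
"""
import re

APPINIT_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)
UAC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
BIOS_KEY = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS"
# ACPI tables a VirtualBox guest exposes; their mere presence gives the VM away.
VBOX_ACPI_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
VBOX_STRINGS = ("vbox", "virtualbox", "innotek")

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg export text.

    Decodes REG_SZ ("...", with \\ and \" unescaped) and REG_DWORD (dword:hex);
    other value types are kept as their raw text.
    """
    hives = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            hives.setdefault(current, {})  # keys with no values still matter (VBOX__)
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name, data = m.groups()
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                value = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            elif data.lower().startswith("dword:"):
                value = int(data[6:], 16)
            else:
                value = data
            hives[current][name] = value
    return hives


def triage(hives):
    """Flag AppInit_DLLs persistence, disabled UAC and VirtualBox artefacts."""
    report = {"appinit": [], "uac_disabled": False, "vbox_artifacts": []}
    for key in APPINIT_KEYS:
        vals = hives.get(key, {})
        dlls = vals.get("AppInit_DLLs")
        if dlls:  # empty string is the clean default
            report["appinit"].append({
                "key": key,
                "dlls": dlls,
                "load_enabled": vals.get("LoadAppInit_DLLs") == 1,
                "signed_required": vals.get("RequireSignedAppInit_DLLs"),  # None = unset
            })
    report["uac_disabled"] = hives.get(UAC_KEY, {}).get("EnableLUA") == 0
    report["vbox_artifacts"] += [k for k in hives if VBOX_ACPI_RE.match(k)]
    bios = hives.get(BIOS_KEY, {})
    for name in ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion"):
        v = bios.get(name)
        if isinstance(v, str) and any(s in v.lower() for s in VBOX_STRINGS):
            report["vbox_artifacts"].append(f"{BIOS_KEY}\\{name}={v}")
    return report


# Constructed export: an infected host that is also a VirtualBox guest.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Users\\Public\\hook.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__]

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer"="innotek GmbH"
"SystemProductName"="VirtualBox"
'''

if __name__ == "__main__":
    for k, v in triage(parse_reg(SAMPLE_REG)).items():
        print(f"{k}: {v}")
```

Run it against `reg export HKLM\SOFTWARE hklm_software.reg` (and a separate export of HKLM\HARDWARE) from a suspect host; a non-empty `appinit` list with `load_enabled` true is the persistence finding to act on, and the `vbox_artifacts` list shows which values a sandbox must hide before this sample will run its real payload.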
