Resubmissions

13/04/2024, 04:48

240413-ffjzkaee7v 10

13/04/2024, 01:03

240413-beq92ahd35 10

General

  • Target: 1e1db7c0d0c0e06f59ea26fc0e74c240873594c7c590fd9f3e4f34ecb1408213.exe
  • Size: 4.1MB
  • Sample: 240413-beq92ahd35
  • MD5: e636b1cca5d4a405df0f618b73c2df0a
  • SHA1: 7f5e0a87ef7952693e454fdd4e303d292fe4397f
  • SHA256: 1e1db7c0d0c0e06f59ea26fc0e74c240873594c7c590fd9f3e4f34ecb1408213
  • SHA512: d661be8b75320072b7bb9a28c7d08737863d0506062b6260ece4171bb6047fd391300ed56e5363bd852f1789eed0e00f23af5a47dcecbf8de4575c7b875cffec
  • SSDEEP: 98304:h4zguqIX/Z8E5wzOxkAAHmY8obinW9GkQlGpBjpqhXHphaRR:h4zguZX6EaOKAAL8w8W9XrjYh3phaRR

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
