General

  • Target

    37aef611ec814af2cdcfa198e200cb21ecb46caa30f84d0221a47db1265b889d.exe

  • Size

    4.8MB

  • Sample

    240413-bgtsyacc3x

  • MD5

    d15459e9b9d12244a57809bc383b2757

  • SHA1

    4b41e6b5aa4f88fdf455030db94197d465de993a

  • SHA256

    37aef611ec814af2cdcfa198e200cb21ecb46caa30f84d0221a47db1265b889d

  • SHA512

    40558644ca9918b84a9438a3a2c4d85a97ddec378aed23756e14c57351d4b4c82d6316add1e62243826328e42c766784cee5d6cae41c6fa6c43864f5097a239c

  • SSDEEP

    98304:AZ5VfUpCCTIDsAi8LXS2vwJ1EbfdOq5elO:Axf8ivmOfdOq5elO

Malware Config

Targets

    • Target

      37aef611ec814af2cdcfa198e200cb21ecb46caa30f84d0221a47db1265b889d.exe

    • Size

      4.8MB

    • MD5

      d15459e9b9d12244a57809bc383b2757

    • SHA1

      4b41e6b5aa4f88fdf455030db94197d465de993a

    • SHA256

      37aef611ec814af2cdcfa198e200cb21ecb46caa30f84d0221a47db1265b889d

    • SHA512

      40558644ca9918b84a9438a3a2c4d85a97ddec378aed23756e14c57351d4b4c82d6316add1e62243826328e42c766784cee5d6cae41c6fa6c43864f5097a239c

    • SSDEEP

      98304:AZ5VfUpCCTIDsAi8LXS2vwJ1EbfdOq5elO:Axf8ivmOfdOq5elO

    • Modifies firewall policy service

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks