Overview

overview

9

Static

static

1

Chaos Expl...80.exe

windows10-1703-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Chaos Exploit_06561080.exe

  • Size

    9.5MB

  • Sample

    240425-v42a3sda61

  • MD5

    1198daaa23f0af650c7cd4555fbef9e8

  • SHA1

    783f86460785027a41a84e41b42a05b4d4a1a462

  • SHA256

    25c846183e10bd2a146325effecddbabf0f390717fd11d597012a033e6daf600

  • SHA512

    1a67d52794c2047936fc4814b70dd6474837b90df7a8b5653eb8a09cf98d4df2c93fb07451a29254e2e161e9e3f0c3f87e9f5e1252a2c89f2b7f95537e80227d

  • SSDEEP

    196608:+5DcteeKaKIZJjwrqN/RFmQ3bKfIiaNPFHNRsiK1:8ctVtKckrqNnL3bIIiEHMn

Score
9/10
discoveryevasionthemida

Malware Config

Targets

    • Target

      Chaos Exploit_06561080.exe

    • Size

      9.5MB

    • MD5

      1198daaa23f0af650c7cd4555fbef9e8

    • SHA1

      783f86460785027a41a84e41b42a05b4d4a1a462

    • SHA256

      25c846183e10bd2a146325effecddbabf0f390717fd11d597012a033e6daf600

    • SHA512

      1a67d52794c2047936fc4814b70dd6474837b90df7a8b5653eb8a09cf98d4df2c93fb07451a29254e2e161e9e3f0c3f87e9f5e1252a2c89f2b7f95537e80227d

    • SSDEEP

      196608:+5DcteeKaKIZJjwrqN/RFmQ3bKfIiaNPFHNRsiK1:8ctVtKckrqNnL3bIIiEHMn

    Score
    9/10
    discoveryevasionthemida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks