Resubmissions

28-04-2024 01:33

240428-byl5esdb52 9

28-04-2024 01:29

240428-bwmm6sdd6y 9

General

  • Target

    goldgoldogldolgoldoglgoldfoldgoldogl.exe

  • Size

    5.7MB

  • Sample

    240428-bwmm6sdd6y

  • MD5

    d1537172b59fb75bc967366a7753c09a

  • SHA1

    b425193c73307efb699d35aa2fae1342870a7dd1

  • SHA256

    88595ad1c40c4faca9fbd5e6ca7b9a6362528fdbfa81d73334a9c1ce76beaeeb

  • SHA512

    0c13c4da8369c351fdf00ab41c6b105e9eaf59352b914e762da5c5d5c648d579527d26c7c45d38f804f931565fc9f46e01b7ceb7f498f5a34cc0f44d072bf132

  • SSDEEP

    98304:h/WMW3SID8VwnLrzpKIXW1gnHjDwkCjM59H:gMW3WVWzpKIJH3wkCjM59H

Malware Config

Targets

    • Target

      goldgoldogldolgoldoglgoldfoldgoldogl.exe

    • Size

      5.7MB

    • MD5

      d1537172b59fb75bc967366a7753c09a

    • SHA1

      b425193c73307efb699d35aa2fae1342870a7dd1

    • SHA256

      88595ad1c40c4faca9fbd5e6ca7b9a6362528fdbfa81d73334a9c1ce76beaeeb

    • SHA512

      0c13c4da8369c351fdf00ab41c6b105e9eaf59352b914e762da5c5d5c648d579527d26c7c45d38f804f931565fc9f46e01b7ceb7f498f5a34cc0f44d072bf132

    • SSDEEP

      98304:h/WMW3SID8VwnLrzpKIXW1gnHjDwkCjM59H:gMW3WVWzpKIJH3wkCjM59H

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks