General

  • Target

    OverWolf Crypter 1.1.exe

  • Size

    35.3MB

  • Sample

    240501-yvwwsafd2t

  • MD5

    dea64aebd0b2051617afb8125de0d53e

  • SHA1

    b0e4a4b64505d739e8b6cf0cb19daf7f19934e00

  • SHA256

    50062d171fd4f80379d3a1bdadc1c4c6c4ac6a2640e708d8471f3dc9614e5ed4

  • SHA512

    4d8f781c98dcfbfb9a262127a8fba6042901a49e2dfbeab57212b2ae72930718840dfdbf20058b206c149039c19a8f7be4b13a5c9d8185e572664f2c93160a4e

  • SSDEEP

    786432:MfeJhmSTrKdgwppe+aJEe77zZY+HRzO/DPeZry7zd0:jpR+a6CJYGRzO/beVym

Malware Config

Targets

    • Target

      OverWolf Crypter 1.1.exe

    • Size

      35.3MB

    • MD5

      dea64aebd0b2051617afb8125de0d53e

    • SHA1

      b0e4a4b64505d739e8b6cf0cb19daf7f19934e00

    • SHA256

      50062d171fd4f80379d3a1bdadc1c4c6c4ac6a2640e708d8471f3dc9614e5ed4

    • SHA512

      4d8f781c98dcfbfb9a262127a8fba6042901a49e2dfbeab57212b2ae72930718840dfdbf20058b206c149039c19a8f7be4b13a5c9d8185e572664f2c93160a4e

    • SSDEEP

      786432:MfeJhmSTrKdgwppe+aJEe77zZY+HRzO/DPeZry7zd0:jpR+a6CJYGRzO/beVym

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks