General
-
Target
MBSetup.exe
-
Size
2.5MB
-
Sample
240502-k498wafh58
-
MD5
b6d8b7e6f74196f62caba2ca77a7ae91
-
SHA1
6ac9c99f084b5772440e2f135b8d5365f7f45314
-
SHA256
74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
-
SHA512
ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044
-
SSDEEP
49152:/5wZat2ranBQjvaq/Gtl8StQyfvE0Z3R0nxiIq2ddBzOnX:/5wZauUBQjvL0SKtQRq2cnX
Malware Config
Targets
-
-
Target
MBSetup.exe
-
Size
2.5MB
-
MD5
b6d8b7e6f74196f62caba2ca77a7ae91
-
SHA1
6ac9c99f084b5772440e2f135b8d5365f7f45314
-
SHA256
74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
-
SHA512
ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044
-
SSDEEP
49152:/5wZat2ranBQjvaq/Gtl8StQyfvE0Z3R0nxiIq2ddBzOnX:/5wZauUBQjvL0SKtQRq2cnX
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-