Resubmissions

10/05/2024, 23:12

240510-26311saa28 9

10/05/2024, 23:11

240510-26eneshh85 9

10/05/2024, 23:06

240510-23nf6afa4s 9

General

  • Target

    Ethone.exe

  • Size

    41.3MB

  • Sample

    240510-26eneshh85

  • MD5

    141242c5ddfebec895529b44016d170e

  • SHA1

    62d5bff6ad6ded0380c088f48eec979c811f9944

  • SHA256

    9dabfe36a40e2408b2cd05fecf4b4e4b8044c83fa3d4fdce98c517c964d9b3c3

  • SHA512

    59afd59eb9af43d161052bf6164fa883f74115de652bb288bc2ba57ae2d9c24a044ac2368b1dd28d352b2cd07b2e7ae11c87dba67b4cb8eb5961fa7c8a2407b3

  • SSDEEP

    786432:ptFLjH4SBCEDXYUZB+mUBGwEv4UjozJ5XckKRWPpGLSMCaBtNcp4YcFMj/6yFtPc:prjH4SBC2ZsmUBGTLUzJhKRWS2aCzz6a

Malware Config

Targets

    • Target

      Ethone.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks