General
-
Target
17d359336bdd68246d4041036c5ab62f85f1a15cdad53095e3fe0203449752f0
-
Size
8.9MB
-
Sample
240522-ptasgsbg7s
-
MD5
11960e3e037341c6a3853c5654ba1b18
-
SHA1
59e1bbe18ab48d8536abaf4ec44cd46321bc4c4f
-
SHA256
17d359336bdd68246d4041036c5ab62f85f1a15cdad53095e3fe0203449752f0
-
SHA512
8fb6872a74e24f79a66081bdf3b7220c571d65dfc70a32237ec71490e6138cd7e096c09d0945686da7c4417a8ae24af81bfc1a5294ea79094db0b838e296699a
-
SSDEEP
196608:5LDeQYhr1uJ9jSOBIt0IrT+tk5sLU+hTKNMI9:hKmJJSQICIrT+tk56hTKNp9
Malware Config
Targets
-
-
Target
17d359336bdd68246d4041036c5ab62f85f1a15cdad53095e3fe0203449752f0
-
Size
8.9MB
-
MD5
11960e3e037341c6a3853c5654ba1b18
-
SHA1
59e1bbe18ab48d8536abaf4ec44cd46321bc4c4f
-
SHA256
17d359336bdd68246d4041036c5ab62f85f1a15cdad53095e3fe0203449752f0
-
SHA512
8fb6872a74e24f79a66081bdf3b7220c571d65dfc70a32237ec71490e6138cd7e096c09d0945686da7c4417a8ae24af81bfc1a5294ea79094db0b838e296699a
-
SSDEEP
196608:5LDeQYhr1uJ9jSOBIt0IrT+tk5sLU+hTKNMI9:hKmJJSQICIrT+tk56hTKNp9
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Virtualization/Sandbox Evasion
1