General

  • Target

    656feea079f74b94c31e4ad4fcdb2cb0b6c4f61a861db5084af2857c6a456c47.exe

  • Size

    8.7MB

  • Sample

    240522-vjm8qahg89

  • MD5

    8b8262ee5164a7cad79367a6a7e5d1ad

  • SHA1

    043f4ab26eb710aa336e0cac2868311407d360e4

  • SHA256

    656feea079f74b94c31e4ad4fcdb2cb0b6c4f61a861db5084af2857c6a456c47

  • SHA512

    b92beac1eedacd24e4bd0cf5fd5c1d75be2e59a5ff478e084afdbdc2a6324dd82cced1e0bd5a1df7c7d2abb5be7a83a33a6cdca5298370ef0f9df8ad90be6dc3

  • SSDEEP

    196608:vDA4AqUb+3ahxQgpRdGOWPcwYXJ6Ii+CeaoLP2D+los2o2hT2rkOs:vDA407hxlpmOWPcT5VTCdmuD+DUhmE

Malware Config

Targets

    • Modifies security service

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Sets service image path in registry

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks