General
-
Target
modest-menu_protected.exe
-
Size
13.7MB
-
Sample
240523-xjbk2acd5z
-
MD5
a332fdb58a35c95a1998f281206db1cd
-
SHA1
e4af18424b1cf6ddb7053653660c22dfd6af9567
-
SHA256
83045343ee550f125be0c7125a2385dd0a4a3f8f3d7059f4db0f2f7a07a334b0
-
SHA512
f2d9a4fdad857e8100e839e3a7f76ce05aabfb4e8e2258ff170d00c2fd179ac703a00b6bd9ae162db7ef8db1a398a57f71de7e8350b775e234f34856178eb3c8
-
SSDEEP
196608:4RkKDeP+YxurapMz+x/EfmyVsBKirJ7riHaborEDA0/NQpLKzzbd200BdkOT73UV:4Rm+4w+mLVG1riHI3/n7d2RfBLVqw6
Malware Config
Targets
-
-
Target
modest-menu_protected.exe
-
Size
13.7MB
-
MD5
a332fdb58a35c95a1998f281206db1cd
-
SHA1
e4af18424b1cf6ddb7053653660c22dfd6af9567
-
SHA256
83045343ee550f125be0c7125a2385dd0a4a3f8f3d7059f4db0f2f7a07a334b0
-
SHA512
f2d9a4fdad857e8100e839e3a7f76ce05aabfb4e8e2258ff170d00c2fd179ac703a00b6bd9ae162db7ef8db1a398a57f71de7e8350b775e234f34856178eb3c8
-
SSDEEP
196608:4RkKDeP+YxurapMz+x/EfmyVsBKirJ7riHaborEDA0/NQpLKzzbd200BdkOT73UV:4Rm+4w+mLVG1riHI3/n7d2RfBLVqw6
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-