Resubmissions

30-05-2024 18:56

240530-xlvfxshe33 9

30-05-2024 18:54

240530-xkezvagb8v 9

29-05-2024 23:57

240529-3zvazaeg6s 9

General

  • Target

    asa.exe

  • Size

    7.0MB

  • Sample

    240530-xkezvagb8v

  • MD5

    e0c26d4ff2caf2baaa9968b6a1fd33ff

  • SHA1

    5631a0da13af42bbacbcfc2e878a37b857c21157

  • SHA256

    67d6547f4024b6fefc861cf459edd084508b06606d98b79cf7e323fe88057e79

  • SHA512

    a3710eefa23286dbd704d26f9d5fb5f7f4cdf4433b6c4d84238e2c9b689b4e17c0dfb29912f9796f9a4f1d61c1f0e96348effb737895ff90df58088372a367d5

  • SSDEEP

    98304:EB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:tcUG4raKu24YY7HVT4hV0AD6QgqKRgX

Malware Config

Targets

    • Target

      asa.exe

    • Size

      7.0MB

    • MD5

      e0c26d4ff2caf2baaa9968b6a1fd33ff

    • SHA1

      5631a0da13af42bbacbcfc2e878a37b857c21157

    • SHA256

      67d6547f4024b6fefc861cf459edd084508b06606d98b79cf7e323fe88057e79

    • SHA512

      a3710eefa23286dbd704d26f9d5fb5f7f4cdf4433b6c4d84238e2c9b689b4e17c0dfb29912f9796f9a4f1d61c1f0e96348effb737895ff90df58088372a367d5

    • SSDEEP

      98304:EB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:tcUG4raKu24YY7HVT4hV0AD6QgqKRgX

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks