General
Target: 9f155ed96c1e340ad8a4351d4c64ef80ba53cc3177fca950abe2496cab664679
Size: 2.9MB
Sample: 240607-evxnjaaf26
MD5: d800074bc6f66162ba3b377b17ccaca3
SHA1: 2ca3d62ff2c66035d2bd08fd47caee735abdea9a
SHA256: 9f155ed96c1e340ad8a4351d4c64ef80ba53cc3177fca950abe2496cab664679
SHA512: c3899ab731370468bdd9a6b11d7219eb65a932adec2358c5217a6db7f0236d059b36bad5397e43da8eab3ed821525f90b5721f5ebc4a62fd5d72d7e68ae0e46c
SSDEEP: 49152:vrKgP5pyOnepuIuwAc8/Ep//lh9uTE1f4M7xyOpjnZYtxIvJlRJkPN:m6PyO49YEp3lhwi4xEnZYtiJP2l
Behavioral task
behavioral1
Sample: 9f155ed96c1e340ad8a4351d4c64ef80ba53cc3177fca950abe2496cab664679.exe
Resource: win7-20240221-en
Malware Config
Targets
- Detects executables packed with Themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger