General

  • Target

    Account_Generators_PACK.rar.html

  • Size

    18KB

  • Sample

    240608-25exsshg2x

  • MD5

    6c6540baafaf292ff0cdebea8cd77cb7

  • SHA1

    a6ad4bd434d0b40ffc30340600423a8663bdc7e7

  • SHA256

    9ec72f171a616f2dcd2d42ab10444087abd654ab00d0ac553d8dc850de767e5c

  • SHA512

    e3f1a2efa8cae79209067a89d2fdb605c31d51e3e1f5880b66f46ad943faaad0d63ab7229b6411ede871b0249514a724abd723460e445b06de8624f89764b584

  • SSDEEP

    384:KoJylIn7xpYwuu504YueHYVDRzhU3E8+UUKIz40qovP863M+J:KoJCIn7XY20tSDRzh4E8+UUKIz40qovz

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks