General

  • Target

    0Yu6ei4LoVzxjkHDkLw3G9x3jnngYIedMrZCANCiFLqpXrJPaD5qnzGYBFdo8p49PaMAs0ZsMV3U3tr3LG6SIDOQPwDOIDTsN0cxZIAAAAASUVORK5CYII.webp

  • Size

    22KB

  • Sample

    240608-yxafkagc97

  • MD5

    ebccdbba376b5aef5212519437d5de7c

  • SHA1

    815845dd970cf1953b35492069a2f8c5b4ee5e77

  • SHA256

    f82c5dfefc7655a3f6b175755713d53f78ca397a8e51179f0b47608229fabd2c

  • SHA512

    b9e2f8bb87ba04481c01fa24723e47c777e64dc7b928cfecfdbb86f768d498872d0fe282079fca74c583c205b32e366b7d1a6fc9fa57f397a7d059b46ff44223

  • SSDEEP

    384:NZ1YfUiyVVSvuoqDA5n27DDXFlVaFsAnLF1+988GsTVkWvSXTH0BuUY6BXHvXt:NDYflyVVSv8O2PDXFlVaWYa9ksTdSXg3

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks