General

  • Target

    29bc6f8728309108e51c79b1400566069c32d6f82b9bcc1b54017cffad8be3a3

  • Size

    2.5MB

  • Sample

    240608-zhm9jsgf97

  • MD5

    b6132f6d0e6aced60983efb745a861e3

  • SHA1

    bf2b6c8352a0c8696c9ccd2bf2fc666be9d6962b

  • SHA256

    29bc6f8728309108e51c79b1400566069c32d6f82b9bcc1b54017cffad8be3a3

  • SHA512

    fc0b53d1cd32ff6cafab6d51bc7ac29ff0d8da09d18a1a749248d11cdc30d8252f51200454ce9bc968a6096a9767fdf96515646f95117133b1b96119a6be51e5

  • SSDEEP

    49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxI:Mxx9NUFkQx753uWuCyyxI

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks