General

  • Target

    client.exe

  • Size

    5.6MB

  • Sample

    240609-2x8j5sgf93

  • MD5

    6d359f00810a4fb936fddc2f7fffd887

  • SHA1

    9c813aaae76efed47c7063c7e1753648850b4772

  • SHA256

    ba5cb0b913f453b3db0e8dbbb33d7393bc5ac51bd213c3e5834118f512f68f60

  • SHA512

    0fe3c4f25aab297e2e645119a06768e82099644261e005754371ed25a4e42e8d6a56d851fb910f85f6da744196084a623c75c4422e5e134c41963154bcab48e8

  • SSDEEP

    98304:QIXMBGkJgg2N4zoWbjrev3INYd48pJZRbvcD9MhgcUgJIqkPQQ8O:EGegHaoWbHevTHZpvkMhgcUgfk4Q8O

Malware Config

Targets

    • Target

      client.exe

    • Size

      5.6MB

    • MD5

      6d359f00810a4fb936fddc2f7fffd887

    • SHA1

      9c813aaae76efed47c7063c7e1753648850b4772

    • SHA256

      ba5cb0b913f453b3db0e8dbbb33d7393bc5ac51bd213c3e5834118f512f68f60

    • SHA512

      0fe3c4f25aab297e2e645119a06768e82099644261e005754371ed25a4e42e8d6a56d851fb910f85f6da744196084a623c75c4422e5e134c41963154bcab48e8

    • SSDEEP

      98304:QIXMBGkJgg2N4zoWbjrev3INYd48pJZRbvcD9MhgcUgJIqkPQQ8O:EGegHaoWbHevTHZpvkMhgcUgfk4Q8O

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtCreateThreadExHideFromDebugger

      NtCreateThreadEx called with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4), so the new thread never reports debug events to an attached debugger; a common anti-debugging technique.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11), which hides the calling thread from an attached debugger; a common anti-debugging technique.
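
    The signatures above all reduce to a handful of registry paths and native-API arguments, so they can be reproduced as detection logic over an API trace. The block below is an added example written for this page, not the sandbox's own signature code, and the trace format it parses ("<api> <argument>" per line) and the sample lines are constructed for illustration; the registry paths (HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, HKLM\HARDWARE\DESCRIPTION\System\*Bios*, Policies\System\EnableLUA) and the flag values (THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4, ThreadHideFromDebugger = 0x11) are the real ones these checks use.

```python
import re
from collections import defaultdict

# Constructed, simplified API-trace lines ("<api> <argument>"). This is NOT the
# sandbox's own log format; it only illustrates the checks the report lists.
# Python string escaping: "\\" in the source is a single backslash at runtime.
SAMPLE_TRACE = """\
RegOpenKeyExW HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
RegOpenKeyExW HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__
RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion
RegQueryValueExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
RegQueryValueExW HKCU\\Software\\Classes\\.txt\\(Default)
NtCreateThreadEx flags=0x00000004
NtCreateThreadEx flags=0x00000000
NtSetInformationThread class=0x11
NtSetInformationThread class=0x09
"""

HIDE_FROM_DEBUGGER_FLAG = 0x4      # THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (NtCreateThreadEx)
THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS ThreadHideFromDebugger (NtSetInformationThread)

# Registry paths behind the three registry-based signatures. In the raw regex
# strings, "\\" matches one literal backslash.
REGISTRY_SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values":
        re.compile(r"HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry":
        re.compile(r"HARDWARE\\DESCRIPTION\\System\\(?:System|Video)Bios(?:Version|Date)", re.I),
    "Checks whether UAC is enabled":
        re.compile(r"Policies\\System\\EnableLUA", re.I),
}

REG_APIS = ("RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW",
            "NtOpenKey", "NtQueryValueKey")


def classify_line(line):
    """Return the signature name a single trace line triggers, or None."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    api, arg = parts
    if api in REG_APIS:
        for name, pattern in REGISTRY_SIGNATURES.items():
            if pattern.search(arg):
                return name
        return None
    if api == "NtCreateThreadEx":
        # Flag is a bitmask: any thread created with bit 0x4 set is hidden.
        m = re.search(r"flags=(0x[0-9a-f]+)", arg, re.I)
        if m and int(m.group(1), 16) & HIDE_FROM_DEBUGGER_FLAG:
            return "Suspicious use of NtCreateThreadExHideFromDebugger"
        return None
    if api == "NtSetInformationThread":
        # Information class is an enum value, so compare for equality.
        m = re.search(r"class=(0x[0-9a-f]+)", arg, re.I)
        if m and int(m.group(1), 16) == THREAD_HIDE_FROM_DEBUGGER:
            return "Suspicious use of NtSetInformationThreadHideFromDebugger"
        return None
    return None


def classify_trace(trace):
    """Group every matching trace line under the signature it triggers."""
    hits = defaultdict(list)
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        name = classify_line(line)
        if name:
            hits[name].append(line)
    return dict(hits)


if __name__ == "__main__":
    for name, lines in classify_trace(SAMPLE_TRACE).items():
        print(name)
        for hit in lines:
            print("   ", hit)
```

    Lines that read unrelated keys, create threads without bit 0x4, or set a different thread information class (such as 0x09) are deliberately left unmatched, which is the distinction that keeps these signatures from firing on ordinary software.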

MITRE ATT&CK Enterprise v15

Tasks