Overview

overview

9

Static

static

7

MWIII UPDATED AIO.exe

windows11-21h2-x64

Resubmissions

09/06/2024, 05:28

240609-f6esjafa54 9

09/06/2024, 05:26

240609-f48b3aeb7s 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MWIII UPDATED AIO.exe

  • Size

    5.6MB

  • Sample

    240609-f48b3aeb7s

  • MD5

    54fe3129e56a5cb3fcda5cce59cd83f3

  • SHA1

    522686e0d7cd6727d63c08b3806adccf48928e6d

  • SHA256

    546ba562b2d4d7c4889b713472ad571a39d898b579a99ee778ce489300b6a6c6

  • SHA512

    4999793e313c16a0b84aded1978ed895afbb129a3ea222b030973154a7f149b15eefda0c642f95a02df395d0152b408efce8eefd9c6313c9c59ace72919ae8b0

  • SSDEEP

    98304:Hj3o0kr2I2PfH2xeMzgTkU4BnTfy8bPVDEsvEVwyzzDH0rCNkeFc8n:D3Tkrr2mxeqKXunm4PVDWwy3DH0gkeFl

Score
9/10
evasionransomwarethemidatrojan

Malware Config

Targets

    • Target

      MWIII UPDATED AIO.exe

    • Size

      5.6MB

    • MD5

      54fe3129e56a5cb3fcda5cce59cd83f3

    • SHA1

      522686e0d7cd6727d63c08b3806adccf48928e6d

    • SHA256

      546ba562b2d4d7c4889b713472ad571a39d898b579a99ee778ce489300b6a6c6

    • SHA512

      4999793e313c16a0b84aded1978ed895afbb129a3ea222b030973154a7f149b15eefda0c642f95a02df395d0152b408efce8eefd9c6313c9c59ace72919ae8b0

    • SSDEEP

      98304:Hj3o0kr2I2PfH2xeMzgTkU4BnTfy8bPVDEsvEVwyzzDH0rCNkeFc8n:D3Tkrr2mxeqKXunm4PVDWwy3DH0gkeFl

    Score
    9/10
    evasionransomwarethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks