General

  • Target

    Joinify.exe

  • Size

    45.8MB

  • Sample

    240609-ycsfmseg94

  • MD5

    63610cad101967401d6a580f655f4e1e

  • SHA1

    25f3c873e6ec16d1c62e703f8085cf3a72d51583

  • SHA256

    b626f2b952633aabce2a7461ba1e296cceb00c595b752f322a070629d53d36b1

  • SHA512

    12c29e8aecc070570d084fd9ad29711f8194a734252e5041930f768e8feb0cc8ccd57d40403358f24237bf76664e767184b581ce1a1c968c682c713149461bc3

  • SSDEEP

    786432:himQ8daQ+fUTLJ5Cg2j6+s7LWB75zuqIdHaSV1Ji4OlDeaC9/JqrYEap9W2HC/Wy:hpQ8daQ+fUTd532qHWB75iqvSV9eO9pr

Targets

    • Target

      Joinify.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      The ACPI table keys under HKLM\HARDWARE\ACPI carry the firmware's OEM identifier as a subkey name; on a VirtualBox guest that identifier names the hypervisor, so enumerating those keys is a cheap hypervisor check.

    • Checks BIOS information in registry

      BIOS vendor, version and date strings (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) are commonly read to recognise sandbox and virtual-machine environments, which usually report a hypervisor name in these fields.

    • Loads dropped DLL

      The sample loads a DLL that it wrote to disk itself, so the interesting code may live in that dropped file rather than in Joinify.exe.

    • Themida packer

      The executable is protected with Themida, a commercial Windows software protector with anti-debugging and anti-VM features of its own. Static analysis of the file on disk is largely meaningless until the sample has been unpacked or the unpacked code has been dumped from memory.

    • Checks whether UAC is enabled

      Typically read from the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class, after which the affected thread no longer delivers debug events to an attached debugger. This is a common anti-debugging technique and is consistent with the Themida protection noted above.
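
The following is an added, read-only PowerShell triage script, not code from the report or from the sample. It reproduces the registry lookups behind the ACPI, BIOS and UAC signatures so an analyst can see what the sample sees on a given host or sandbox image. The list of hypervisor marker strings is an assumption based on common firmware OEM identifiers; the registry paths are the standard Windows locations.

```powershell
# Added example (not from the report or the sample): read-only reproduction of the
# ACPI, BIOS and UAC registry checks listed in the signatures above.
# $vmIndicators is an assumed list of hypervisor markers, not something the sample is known to use.

$acpiTables   = 'DSDT', 'FADT', 'RSDT'
$vmIndicators = 'VBOX', 'VIRTUALBOX', 'VMWARE', 'QEMU', 'BOCHS', 'XEN'   # assumed markers

function Get-AcpiOemIds {
    # Each ACPI table key holds one subkey per OEM ID, e.g. HKLM\HARDWARE\ACPI\DSDT\VBOX__
    foreach ($table in $acpiTables) {
        $key = "HKLM:\HARDWARE\ACPI\$table"
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Table = $table; OemId = $_.PSChildName }
        }
    }
}

function Get-BiosStrings {
    # SystemBiosVersion and VideoBiosVersion are REG_MULTI_SZ; join them for matching.
    $sys = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SystemBiosVersion = ($sys.SystemBiosVersion -join ' ')
        VideoBiosVersion  = ($sys.VideoBiosVersion  -join ' ')
        SystemBiosDate    = $sys.SystemBiosDate
    }
}

function Test-VmMarker {
    param([string]$Text)
    # Return the first marker found in the text, or $null when none matches.
    foreach ($m in $vmIndicators) {
        if ($Text -match $m) { return $m }
    }
    return $null
}

function Get-UacState {
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    # EnableLUA = 1 means UAC is on; a missing value is treated as enabled (the Windows default).
    if ($null -eq $pol.EnableLUA) { return $true }
    return [bool]$pol.EnableLUA
}

# Run the same checks and report what an evasive sample would conclude.
$hits = @()
foreach ($entry in Get-AcpiOemIds) {
    $marker = Test-VmMarker $entry.OemId
    if ($marker) { $hits += "ACPI\$($entry.Table)\$($entry.OemId) matches $marker" }
}
$bios = Get-BiosStrings
foreach ($prop in 'SystemBiosVersion', 'VideoBiosVersion') {
    $marker = Test-VmMarker $bios.$prop
    if ($marker) { $hits += "$prop '$($bios.$prop)' matches $marker" }
}

"UAC enabled: $(Get-UacState)"
if ($hits) {
    "VM/sandbox indicators found:"
    $hits | ForEach-Object { "  $_" }
} else {
    "No VM indicators in ACPI/BIOS registry values"
}
```

Run it from an elevated or standard PowerShell prompt on the analysis VM: any line it reports is a value the sample can read just as easily, so those are the fields to patch (or to hide with a hypervisor-side override) before detonating the sample again. It does not reproduce the ThreadHideFromDebugger call, which is a native API anti-debugging step rather than a registry check.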
