General

  • Target

    clx2bekuz02rp4pgehjad1i9m.exe

  • Size

    7.0MB

  • Sample

    240610-egh8zscd37

  • MD5

    aebd0b4b968cb7ccd75ca63eb0b649b3

  • SHA1

    5951ab03ec6c8e40d1e1be25ad6fe30614a8f344

  • SHA256

    d693c6a6b3eef397023f5d6dd0d59222c4d97aedbf313ef2769d5f7010cd5e7a

  • SHA512

    110e305dc09f4b06d5f83e3b360708ac7c509e5defc9e81b44d69d06dc6c5c274cd16a4700a5183df544bbe6225d0179e030266813af1561e15db8b12a34724f

  • SSDEEP

    196608:zjQsZg7CBXyjAPEMkn4iu6bdzFOu8zVW1o9wbJ7:vhZgAXL2VFl8s

Malware Config

Targets

    • Target

      clx2bekuz02rp4pgehjad1i9m.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      Sandboxes and virtual machines usually expose vendor-specific BIOS strings, so BIOS information is often read from the registry to detect an analysis environment.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the sample only runs (or only stays dormant) in certain regions.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
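The registry-based signatures above (VirtualBox ACPI keys, BIOS strings, location settings, UAC state) can be reproduced as a small rule set over a sandbox's registry-access trace. The following is an added example, not code from the sandbox vendor or from this report: the trace format is constructed for illustration, and the key and value names are the ones commonly associated with each check (an assumption here, not something the report lists).

```python
import re

# Constructed sample of registry-read events in a simplified, tab-separated
# trace format: "<pid>\t<operation>\t<key>\t<value name>". This is not the
# real output of any sandbox; it only mimics what such a trace contains.
SAMPLE_TRACE = """\
1234\tRegQueryValue\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__\t
1234\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\tSystemBiosVersion
1234\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\tVideoBiosVersion
1234\tRegQueryValue\tHKCU\\Control Panel\\International\\Geo\tNation
1234\tRegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\tEnableLUA
1234\tRegQueryValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tOneDrive
"""

# One rule per signature in the report: (signature name, key regex, value-name regex).
# Key/value names are the commonly used ones for each check and are assumptions
# of this example. The ACPI rule matches on the key alone, since enumerating the
# VBOX__ OEM table is the check (the value name is empty in such events).
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", r".*"),
    ("Checks BIOS information in registry",
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System$", r"^(System|Video)BiosVersion$|^SystemBiosDate$"),
    ("Checks computer location settings",
     r"^HKCU\\Control Panel\\International(\\Geo)?$", r"^(Nation|Locale|sCountry)$"),
    ("Checks whether UAC is enabled",
     r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", r"^EnableLUA$"),
]

# Signatures that indicate environment awareness rather than ordinary configuration reads.
ANTI_ANALYSIS = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
    "Checks BIOS information in registry",
}


def parse_trace(text):
    """Parse the constructed trace into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, op, key, value = line.split("\t")
        events.append({"pid": int(pid), "op": op, "key": key, "value": value})
    return events


def match_signatures(events):
    """Return {signature name: [(key, value name), ...]} for every rule hit."""
    hits = {}
    for ev in events:
        if not ev["op"].startswith("RegQueryValue"):
            continue
        for name, key_re, value_re in RULES:
            # Registry paths and value names are case-insensitive on Windows.
            if (re.match(key_re, ev["key"], re.IGNORECASE)
                    and re.match(value_re, ev["value"], re.IGNORECASE)):
                hits.setdefault(name, []).append((ev["key"], ev["value"]))
    return hits


def evasion_verdict(hits):
    """Flag the sample as sandbox-aware only when at least two distinct
    anti-analysis checks co-occur; a lone BIOS read is common in benign
    inventory and licensing code and would otherwise be a noisy indicator."""
    fired = ANTI_ANALYSIS & set(hits)
    return "likely sandbox-aware" if len(fired) >= 2 else "inconclusive"


if __name__ == "__main__":
    found = match_signatures(parse_trace(SAMPLE_TRACE))
    for name, evidence in found.items():
        print(name)
        for key, value in evidence:
            print(f"    {key} -> {value or '<key enumeration>'}")
    print("verdict:", evasion_verdict(found))
```

The last trace line (a Run-key read) deliberately matches no rule, which is the check worth keeping when extending this: rules keyed on exact paths rather than substrings keep ordinary registry traffic from inflating the signature count.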
