General

  • Target

    BlamFREE.exe

  • Size

    5.1MB

  • Sample

    240610-fqrgdscd8v

  • MD5

    34c616e5aecef6d5e8eb159bfb64a3a5

  • SHA1

    3ac025952ba48b9415c544af3a6debf25292e1bd

  • SHA256

    aa412178ead22a7b200d0375a8cf986e19bac59b54ee8fb08d3a9d74127eefe9

  • SHA512

    6a574bd2962045173ba7306131284d3b0121b1be849a8a4fa455bdeb04d44f950c8207161b0e1160c43c45f1950e19adf59c9c1e0aaf6188d56a6132b0e4e28e

  • SSDEEP

    98304:RZNKkmUI4/speViXUmhQIhgO9xlt5kL2/UrBsfiYvlyaiMm5mBTQwJin3:xKkmUIrFUmCIzltz/SmdcMmgpQiin3

Targets

    • Target

      BlamFREE.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger
