General

  • Target

    fsfpv5.exe

  • Size

    14.9MB

  • Sample

    240610-j8wqlsfa57

  • MD5

    734fcc794ebd38934873568c6efa8655

  • SHA1

    b9f3eae58f07b773f94da5435c25556f5818e7ef

  • SHA256

    184f79b0b16d11216e8ee8e899f8d83800e717f0676d56ef66e0a4b11aeca998

  • SHA512

    154c7fab6b9b3cab6a17f0351d7b3f9f479e571d1236f6d7581380a21aff4d67fc257ccb738bc6ac2155e9926838ace55a08340009c393ef61236ab70301702e

  • SSDEEP

    393216:rhlhSIitEuuYYd0kwyzMfQuPPDYgglPi7OsuLsU3oq:nUtjhYBDYQuHDYGaSq

Targets

    • Target

      fsfpv5.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      Reads ACPI table entries from the registry, where VirtualBox-specific OEM identifiers reveal the hypervisor.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its console window hidden.

    • Checks BIOS information in registry

      BIOS strings in the registry are commonly read to detect sandbox and virtual-machine environments.

    • Deletes itself

      Removes its own executable from disk.

    • Themida packer

      The sample is packed with Themida, a commercial Windows software-protection system that obstructs static analysis and debugging.

    • Checks whether UAC is enabled

      Queries whether User Account Control is enabled.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops a debugger from receiving events for that thread (anti-debugging).
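
To see what these anti-analysis checks observe on a given analysis host, here is an added PowerShell example (written for this page, not code from the report or from the sample) that reads the registry locations such checks typically consult: the ACPI table subkeys, the BIOS description strings, and the UAC EnableLUA value, and flags well-known hypervisor identifiers. The key paths, value names and indicator strings are assumptions based on commonly used locations; the report itself does not name the exact values the sample reads.

```powershell
# Added example: enumerate registry locations that anti-VM / anti-sandbox
# checks of the kind flagged in this report typically read, and show what a
# sample would see on this host. Key paths and indicator strings are
# assumptions (well-known locations), not values taken from the report.

$Indicators = 'VBOX', 'VIRTUALBOX', 'VMWARE', 'QEMU', 'XEN', 'HYPER-V', 'BOCHS', 'PARALLELS'

function Test-Indicator {
    param([string]$Value)
    foreach ($i in $Indicators) {
        if ($Value -and $Value.ToUpperInvariant().Contains($i)) { return $i }
    }
    return $null
}

$Findings = @()

# 1. ACPI tables: subkeys under DSDT/FADT/RSDT are named after the OEM ID of
#    the table; VirtualBox ships tables whose OEM ID starts with "VBOX".
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $path = "HKLM:\HARDWARE\ACPI\$table"
    if (Test-Path $path) {
        Get-ChildItem $path -ErrorAction SilentlyContinue | ForEach-Object {
            $Findings += [pscustomobject]@{
                Source    = "ACPI\$table"
                Value     = $_.PSChildName
                Indicator = (Test-Indicator $_.PSChildName)
            }
        }
    }
}

# 2. BIOS strings under HARDWARE\DESCRIPTION\System (the "BIOS information"
#    the report refers to). Some values are REG_MULTI_SZ, so join them.
$biosKeys = @{
    'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' = 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion'
    'HKLM:\HARDWARE\DESCRIPTION\System'      = 'SystemBiosVersion', 'VideoBiosVersion'
}
foreach ($key in $biosKeys.Keys) {
    foreach ($name in $biosKeys[$key]) {
        $val = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -ne $val) {
            $str = ($val | ForEach-Object { "$_" }) -join ' '
            $Findings += [pscustomobject]@{
                Source    = "$key\$name"
                Value     = $str
                Indicator = (Test-Indicator $str)
            }
        }
    }
}

# 3. UAC state: EnableLUA = 0 means UAC is off, which is unusual on a real
#    user's machine and common on hastily built analysis VMs.
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
        -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
$Findings += [pscustomobject]@{
    Source    = 'Policies\System\EnableLUA'
    Value     = $lua
    Indicator = $(if ($lua -eq 0) { 'UAC-DISABLED' } else { $null })
}

$Findings | Format-Table -AutoSize
if ($Findings | Where-Object Indicator) {
    Write-Warning "Host exposes VM/sandbox indicators; anti-analysis checks like the ones in this report will likely trip."
}
```

Run it in an elevated or normal PowerShell session on the analysis VM; any row with a non-empty Indicator column is a string the sample's registry reads could use to decide it is being analysed, and is a candidate for patching in the VM's ACPI/SMBIOS configuration before re-detonating.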
