General

  • Target

    SecuriteInfo.com.Variant.Zusy.551321.399.736.dll

  • Size

    4.7MB

  • Sample

    240610-npep7shc3v

  • MD5

    2d50abb15c4fbb426826c2bd0dfdaf61

  • SHA1

    3a62a420cd8ba2dffa40ebcdf311205c5b76b0a4

  • SHA256

    6d456977f4d338c27ace3a30a24d10959c27101326bb015300059ed5ca6f57b8

  • SHA512

    eea037d213d738b2855c7bf7469d8ad26afa47f6220ae655c18a83b56144357e77a004fdf92405209bc56cdc8fd79a40f0119d96fd7c8281cbe40ffb8ebcc8c5

  • SSDEEP

    98304:/vJn7kuoqbKUPStwdHdWa+u+j0p9G7p47uolu4Jc4AqKnnCElfza8/a2bxuH:HN7aqbK9wHsuIPapuccSenCUfG4G

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox exposes ACPI tables with the OEM id VBOX__, so keys such as HKLM\HARDWARE\ACPI\DSDT\VBOX__ (also under FADT and RSDT) exist only inside a VirtualBox guest. Opening them is a cheap way to decide whether to run or to play dead.

    • Checks BIOS information in registry

      The SystemBiosVersion, SystemBiosDate and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System carry the hypervisor name on unhardened sandboxes (VirtualBox, VMware, QEMU), so malware reads them to detect analysis environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

      The UAC state lives in the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Reading it tells the sample whether an elevation prompt would appear, which drives the choice of bypass or persistence method.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the kernel from delivering debug events for that thread to an attached debugger, so breakpoints and single-stepping in it silently fail. Ordinary software has no use for it; it is a strong anti-debugging indicator.
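
      To show how the dynamic signatures in this list are derived from what the sample actually does at runtime, the following is an added example of my own (not Triage's signature engine and not code from the sample) that replays equivalent rules over a constructed API-monitor trace. The trace line format, the PIDs and the file paths in the traces are assumptions made for the example; the registry keys, value names and the ThreadHideFromDebugger constant are real Windows artefacts. Themida is a static (packer) detection and is deliberately not covered here.

```python
"""Replay of the report's dynamic signatures over a constructed API trace.

Added example, not Triage's code and not code from the sample. The line
format '<pid> <api> key=val;key=val' is an assumption for this example;
every trace line below is constructed. Registry paths and the
THREADINFOCLASS value are real.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List

# VirtualBox ACPI tables carry the OEM id VBOX__; these keys exist only in a guest.
VBOX_ACPI_PREFIXES = (
    r"hkey_local_machine\hardware\acpi\dsdt\vbox__",
    r"hkey_local_machine\hardware\acpi\fadt\vbox__",
    r"hkey_local_machine\hardware\acpi\rsdt\vbox__",
)
# BIOS strings that name the hypervisor on most unhardened sandboxes.
BIOS_KEY = r"hkey_local_machine\hardware\description\system"
BIOS_VALUES = {"systembiosversion", "systembiosdate", "videobiosversion"}
# UAC policy values.
UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
UAC_VALUES = {"enablelua", "consentpromptbehavioradmin"}
# THREADINFOCLASS ThreadHideFromDebugger, the anti-debug class the report flags.
THREAD_HIDE_FROM_DEBUGGER = 0x11
REG_READ_APIS = ("RegOpenKeyEx", "RegQueryValueEx", "NtOpenKey", "NtQueryValueKey")

# Constructed trace of a sample performing the checks listed in the report.
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegQueryValueExW key=HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System;value=SystemBiosVersion
1234 RegQueryValueExW key=HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System;value=VideoBiosVersion
1234 RegQueryValueExW key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System;value=EnableLUA
1234 NtSetInformationThread thread=0xfffffffe;class=0x11
1234 CreateFileW path=C:\Users\Admin\AppData\Local\Temp\out.tmp
"""

# Constructed trace of ordinary activity that must not fire any signature.
BENIGN_TRACE = r"""
4321 RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion;value=ProductName
4321 NtSetInformationThread thread=0xfffffffe;class=0x2
4321 CreateFileW path=C:\Users\Admin\Documents\report.txt
"""


@dataclass
class Event:
    pid: int
    api: str
    args: Dict[str, str] = field(default_factory=dict)


def parse_trace(text: str) -> List[Event]:
    """Parse '<pid> <api> k=v;k=v' lines; the argument part may contain spaces."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 2:
            continue
        args: Dict[str, str] = {}
        if len(parts) == 3:
            for item in parts[2].split(";"):
                name, _, value = item.partition("=")
                args[name] = value
        events.append(Event(int(parts[0]), parts[1], args))
    return events


def _norm_key(key: str) -> str:
    """Registry paths are case-insensitive; also expand the HKLM alias."""
    key = key.lower()
    if key.startswith("hklm\\"):
        key = "hkey_local_machine\\" + key[len("hklm\\"):]
    return key


def match_signatures(events: List[Event]) -> Dict[str, List[str]]:
    """Return {signature_id: [evidence, ...]} for every signature that fired."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for ev in events:
        key = _norm_key(ev.args.get("key", ""))
        value = ev.args.get("value", "").lower()
        if ev.api.startswith(REG_READ_APIS):
            if key.startswith(VBOX_ACPI_PREFIXES):
                hits["anti_vm_vbox_acpi"].append(f"{ev.api} {key}")
            elif key == BIOS_KEY and value in BIOS_VALUES:
                hits["anti_vm_bios_info"].append(f"{ev.api} {key}\\{value}")
            elif key == UAC_KEY and value in UAC_VALUES:
                hits["checks_uac_enabled"].append(f"{ev.api} {key}\\{value}")
        if ev.api == "NtSetInformationThread":
            # The class is logged as hex text; int(x, 0) accepts the 0x prefix.
            if int(ev.args.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits["anti_debug_hide_from_debugger"].append(
                    f"pid {ev.pid} thread {ev.args.get('thread', '?')}")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for line in evidence:
            print("   ", line)
    print("benign trace:", match_signatures(parse_trace(BENIGN_TRACE)))
```

      Run it as a script to see the four signatures fire on the constructed trace and nothing fire on the benign one. The same rules applied to a real API-monitor export (after adapting parse_trace to its format) reproduce the report's behavioural findings, which is also a quick way to confirm that a sandbox image still exposes the VBOX__ tables and hypervisor BIOS strings these samples look for.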

MITRE ATT&CK Enterprise v15

Tasks