General

  • Target

    HV_x64_build.exe

  • Size

    3.3MB

  • Sample

    240611-jgnkxsygrg

  • MD5

    a1806cf65bc308eb5a7d0cb9f99bb0fd

  • SHA1

    737536505d790acf659a841ca363c43b65019948

  • SHA256

    3800235b9c767007ae8bcea37cecc720d787a97b46d6adea7e73ac305c6cb192

  • SHA512

    5daf41c943aba03f0b90ae8d320373d2d0ea1dcd7709f879917c1841dbc871f73722df75eaec4e7f8037c32d5950a492718ba4d1eae178ce2f90832a560e843f

  • SSDEEP

    98304:G8FjnRkdKkBErWKdoQEqjkSMmiqElz+7IIY7dMIn/HGHxmoCrwUZ:G8nwKxrzoQEhlqIa7rYeQmHxmoCrwUZ

Malware Config

Targets

    • Target

      HV_x64_build.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks