Resubmissions

11-06-2024 07:51

240611-jpzcdszarb 9

01-02-2024 21:15

240201-z35z4aecd8 9

General

  • Target

    c33acab1ddbee95302f0d54feb1c49c40dec807cec251fb6d30d056f571155e0.zip

  • Size

    2.9MB

  • Sample

    240611-jpzcdszarb

  • MD5

    c04f2da175b50e20e4012abfa0dbd5f9

  • SHA1

    8cb1a210f0d5f25c7c6be9928e45275379fc53a4

  • SHA256

    cf6a5918ae91f2ed5b91b5dbe28f4b1ef985416019099c542fb84360b7ff1283

  • SHA512

    c189a5979c269e802f9dd4623595c61ffd5265f6f09c3dc0dba7444d76e32492ca57c9027b100ed403466ca27cc6cd455dc345dc2f2e94dcf445b491833db57b

  • SSDEEP

    49152:8FvixOwpjUvxrfPJvt7zT5XR6ofeuHx01epBhBPAzHA9msyvNPRUfBvX2+NYl:8Fvix/pjKp9GoWjepBzEvNPaTNYl

Malware Config

Targets

    • Target

      c33acab1ddbee95302f0d54feb1c49c40dec807cec251fb6d30d056f571155e0

    • Size

      2.9MB

    • MD5

      713b1c97b09d0e633ede2f62556e78b9

    • SHA1

      c67835ca9504049a350fdb023ec7975cccce1674

    • SHA256

      c33acab1ddbee95302f0d54feb1c49c40dec807cec251fb6d30d056f571155e0

    • SHA512

      fadada8a709662a013a5b7984357d41fb004d3e600274ce2d067f081b246a6c8e764e104ff88c2131343d3a500a855ecd5990b968458d0bef5a1e5a15a99ee50

    • SSDEEP

      49152:f9X3GwWO9gJdmbB6v6WELRkyVVgYgHUByjGw4JGP9zwYFHbXZkigd8ljRs1pit:f9pWO96dEu6WCQUBF1CdyiPsW

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks