General

  • Target

    VC_redist.x64.exe

  • Size

    3.3MB

  • Sample

    240611-thysdssfle

  • MD5

    1fcd2cb3a0dca30e936a1e1e94a731a8

  • SHA1

    f2f35ebd45e268cab7e45f72df2cc8a6ceb4e2a3

  • SHA256

    dbe3204db121592433ec888fb34e842f8e81e3534ac907aba1876a16bc8bfac5

  • SHA512

    9beb82f8f25abf3e5f97f70d30dd767f2be043790bf43fd266ed6d96e079284bc4c645dc2a9d353a02a5ecf77491fe648258e578b88b53988ff3628d50a18a1f

  • SSDEEP

    98304:rEmjqVz8WFanFeGwwxprUOvH3xFByH2Mc6+6MCb2UGG:rDjQ8WFCcGwS1HONcR6MtUGG

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks