General

  • Target

    8eb3a2b0c546da0b5c595cbbba207db7f990b3726075ea45f7decf57b863f5bb.exe

  • Size

    28.4MB

  • Sample

    240615-b9762avfkd

  • MD5

    f3c5a2f7998dda93df0ffce490040183

  • SHA1

    cb6555cff3334f9415c542496de591a95c6ac325

  • SHA256

    8eb3a2b0c546da0b5c595cbbba207db7f990b3726075ea45f7decf57b863f5bb

  • SHA512

    8a7d8dc45f1d9a525082bc97cb5fea87de07f22554825a613f0ea0f311eae702e4b2286a11af67d7d5273bc4d844f5bef25c64b4ae4793777c1383276e31b560

  • SSDEEP

    393216:ABXfXgSZvx+hS9yZC7g8eQkmIGWyYFNLF/H0ef91mAHj16obsHQlKfjDUcC0K/Zg:AlQavMw9yZOfgc8pfr/sHjUx7VqXu4l

Score
10/10

Malware Config

Targets

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks