Resubmissions

15-06-2024 03:52

240615-ee5zzaybmb 9

15-06-2024 02:31

240615-czxszswfkb 9

General

  • Target

    gtr.exe

  • Size

    5.3MB

  • Sample

    240615-ee5zzaybmb

  • MD5

    364ae7d19709187f43d70735d8d6c507

  • SHA1

    7fa00e84ec5da13f56a1e31c1b6e479edeabd5f3

  • SHA256

    b7f599d78c0a3943f299c67088fcb8821833a0fa62bf3f2ae760c85ebb326006

  • SHA512

    e320f4c2f3e5aeccd39d467840be332b23e43040568c6c90840017c99a6227b35a8fda80bab53594c150863e2df320b8a2ffaf442c3ac49fc4caa3925cd1c840

  • SSDEEP

    98304:61d+EQnFLbjVCl7oAvoMXZ8RAFgOqMQgFO+WPn84TodRDUG:eUNFTV67oAvoSWXpgxWP8YonDUG

Malware Config

Targets

    • Target

      gtr.exe

    • Size

      5.3MB

    • MD5

      364ae7d19709187f43d70735d8d6c507

    • SHA1

      7fa00e84ec5da13f56a1e31c1b6e479edeabd5f3

    • SHA256

      b7f599d78c0a3943f299c67088fcb8821833a0fa62bf3f2ae760c85ebb326006

    • SHA512

      e320f4c2f3e5aeccd39d467840be332b23e43040568c6c90840017c99a6227b35a8fda80bab53594c150863e2df320b8a2ffaf442c3ac49fc4caa3925cd1c840

    • SSDEEP

      98304:61d+EQnFLbjVCl7oAvoMXZ8RAFgOqMQgFO+WPn84TodRDUG:eUNFTV67oAvoSWXpgxWP8YonDUG

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Modifies boot configuration data using bcdedit

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks