General

  • Target

    f3c5a2f7998dda93df0ffce490040183.bin

  • Size

    28.3MB

  • Sample

    240616-c5cd8szerk

  • MD5

    745094262f0ccc7e4968e4ba7b434ec3

  • SHA1

    07e97306f85e8486d666d11a5778ad263909903e

  • SHA256

    fd39cdabeb5cab274ef1f36bf97bb0928caf1be60d9079ef49029fda268745e1

  • SHA512

    207e50b49d41ffbd18a9ebe39454dc6e471c233575d2bcac2afc38e44aa726b38fcb2430320a0603cb319a749dd60cd0738ba5411acb3f4793fedb84650b7daa

  • SSDEEP

    786432:Xho57EWEVwXbzwjyr84+DObyk3PUwUAeNcZqLu:XhJTMwGFZsPtIOu

Malware Config

Targets

    • Target

      8eb3a2b0c546da0b5c595cbbba207db7f990b3726075ea45f7decf57b863f5bb.exe

    • Size

      28.4MB

    • MD5

      f3c5a2f7998dda93df0ffce490040183

    • SHA1

      cb6555cff3334f9415c542496de591a95c6ac325

    • SHA256

      8eb3a2b0c546da0b5c595cbbba207db7f990b3726075ea45f7decf57b863f5bb

    • SHA512

      8a7d8dc45f1d9a525082bc97cb5fea87de07f22554825a613f0ea0f311eae702e4b2286a11af67d7d5273bc4d844f5bef25c64b4ae4793777c1383276e31b560

    • SSDEEP

      393216:ABXfXgSZvx+hS9yZC7g8eQkmIGWyYFNLF/H0ef91mAHj16obsHQlKfjDUcC0K/Zg:AlQavMw9yZOfgc8pfr/sHjUx7VqXu4l

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks