General

  • Target

    pbD7aWYbGkpZ53YnplcUNmTQs.exe

  • Size

    5.0MB

  • Sample

    240617-se96ksyekp

  • MD5

    e250629a4db5371dd091b93f15930d97

  • SHA1

    6ab64feeabe97de0837847df5273163de6f77842

  • SHA256

    9403f39154f5971a1fd8f9880845e34a58d09f48dccd02016a19b1b21c96fded

  • SHA512

    e4c00c54fddf22d0895ca5f0d94524a6463c6cf04fe519b9384bc678af48a2d695911fa505bbd8475b69fde529ad1a96559e5b611eaece7b3b3c875ea6db2eaa

  • SSDEEP

    98304:dWG/fJz6NAFM8K+y8z4Q0zK4XXiMRv5RMARHK6IaulxLBol5fP:dWG/fJze+M81yc4QT4n3RBRnsjBKfP

Malware Config

Targets

    • Target

      pbD7aWYbGkpZ53YnplcUNmTQs.exe

    • Size

      5.0MB

    • MD5

      e250629a4db5371dd091b93f15930d97

    • SHA1

      6ab64feeabe97de0837847df5273163de6f77842

    • SHA256

      9403f39154f5971a1fd8f9880845e34a58d09f48dccd02016a19b1b21c96fded

    • SHA512

      e4c00c54fddf22d0895ca5f0d94524a6463c6cf04fe519b9384bc678af48a2d695911fa505bbd8475b69fde529ad1a96559e5b611eaece7b3b3c875ea6db2eaa

    • SSDEEP

      98304:dWG/fJz6NAFM8K+y8z4Q0zK4XXiMRv5RMARHK6IaulxLBol5fP:dWG/fJze+M81yc4QT4n3RBRnsjBKfP

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox exposes its OEM ID in the ACPI tables, which Windows mirrors as subkeys named VBOX__ under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT; checking for them is a common VM-detection technique.

    • Checks BIOS information in registry

      BIOS strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion and related values) carry hypervisor vendor names on an unhardened VM, so reading them is a common way of detecting sandboxing environments.

    • Themida packer

      Detects Themida, a commercial Windows protector that encrypts the original code and unpacks it at run time, so static analysis of the file on disk reveals little and the sample should be examined in memory after it has unpacked.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events, a common anti-debugging technique.
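The three registry-based checks above (ACPI OEM ID, BIOS strings, UAC state) can be audited from inside an analysis VM to see what this sample would have found. The script below is an added example written for this page, not code from the sandbox or from the sample; the key and value names are the standard Windows locations, while the list of vendor substrings treated as suspicious is an assumption drawn from common anti-VM checks. The NtSetInformationThread anti-debugging call is a run-time behaviour, not a registry artifact, so it is out of scope here.

```powershell
# Added example: audit a Windows analysis VM for the registry artifacts that the
# signatures above key on. Run in an elevated PowerShell session inside the VM.
# The vendor substring list is an assumption; extend it for other hypervisors.

$findings = @()
$vendorPattern = 'VBOX|VIRTUALBOX|INNOTEK|VMWARE|QEMU|BOCHS|XEN'

# 1. ACPI tables: VirtualBox's OEM ID shows up as a subkey named VBOX__
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $path = "HKLM:\HARDWARE\ACPI\$table"
    if (Test-Path $path) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match $vendorPattern } |
            ForEach-Object { $findings += "ACPI $table OEM id: $($_.PSChildName)" }
    }
}

# 2. BIOS strings: read by samples to fingerprint the hypervisor
$biosChecks = @{
    'HKLM:\HARDWARE\DESCRIPTION\System'      = @('SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate')
    'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' = @('SystemManufacturer', 'SystemProductName', 'BIOSVendor')
}
foreach ($key in $biosChecks.Keys) {
    foreach ($name in $biosChecks[$key]) {
        # SystemBiosVersion is REG_MULTI_SZ; "$val" joins the strings with spaces
        $val = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($val -and ("$val" -match $vendorPattern)) {
            $findings += "$key\$name = $val"
        }
    }
}

# 3. UAC state: EnableLUA = 0 means UAC is off, a setting many sandboxes use
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue
if ($uac -and $uac.EnableLUA -eq 0) {
    $findings += 'UAC disabled (EnableLUA = 0)'
}

if ($findings.Count -eq 0) {
    'No obvious VM/sandbox artifacts found in the checked keys.'
} else {
    'Artifacts a sample could use to detect this VM:'
    $findings | ForEach-Object { "  $_" }
}
```

Anything this script reports is a candidate for hardening (renaming ACPI OEM IDs and patching BIOS strings at the hypervisor level, leaving UAC enabled); re-run the sample afterwards to see whether the anti-VM behaviour changes.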

MITRE ATT&CK Enterprise v15

Tasks