General

  • Target

    Acunetix Premium Activation Tool.exe

  • Size

    18.8MB

  • Sample

    240617-ybxzqsvhmn

  • MD5

    c293cb22c0388f1c5b7b4c4ec1effed5

  • SHA1

    eba739ec881399d858190ba8bf3633bfd687b5da

  • SHA256

    5667c295937875449f940c1866b2d6f5798d01897e71e65eb09dc5542758c2f9

  • SHA512

    59aef59bbff86d163756bce4311ff9e818612c44df6e95f33dd1000b3cb096d4d9e9d211de2e982da965754e84942ea12772a292af0972060ac466b55a79a431

  • SSDEEP

    393216:E+YEtEGt1AeYV9aseOCBFzSHOUWq+BVNG+15m9YpMFvDLUEcP:J2V9aseOCD7LqEXmGAv3UEI

Malware Config

Targets

    • Target

      Acunetix Premium Activation Tool.exe

    • Size

      18.8MB

    • MD5

      c293cb22c0388f1c5b7b4c4ec1effed5

    • SHA1

      eba739ec881399d858190ba8bf3633bfd687b5da

    • SHA256

      5667c295937875449f940c1866b2d6f5798d01897e71e65eb09dc5542758c2f9

    • SHA512

      59aef59bbff86d163756bce4311ff9e818612c44df6e95f33dd1000b3cb096d4d9e9d211de2e982da965754e84942ea12772a292af0972060ac466b55a79a431

    • SSDEEP

      393216:E+YEtEGt1AeYV9aseOCBFzSHOUWq+BVNG+15m9YpMFvDLUEcP:J2V9aseOCD7LqEXmGAv3UEI

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      Reads the ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT); on a VirtualBox guest these are named VBOX__, which lets the sample detect that it is running in a VM.

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which reports whether User Account Control is on.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class, which stops the thread from delivering debug events to an attached debugger (anti-debugging).
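
The registry and file-system signatures above can be reproduced from a Process Monitor trace of the sample. The script below is an added example written for this report, not code from the sandbox or from the sample: it parses Procmon CSV export rows, keeps only events from the sample's own process, and maps each event to the signature it satisfies (VirtualBox ACPI keys, BIOS values, Uninstall enumeration, EnableLUA, writes under the drivers directory). The CSV rows are constructed for the example (the `dropped.sys` file name is a placeholder; the report does not name the dropped file), and the exact key and path patterns are the author's assumptions about what each signature checks.

```python
"""Map Procmon CSV events to the sandbox signatures listed in the report."""
import csv
import io
import re
from collections import defaultdict

# Process name from the report; only its events are classified.
SAMPLE_PROCESS = "Acunetix Premium Activation Tool.exe"

REGISTRY_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegQueryKey"}
FILE_WRITE_OPS = {"CreateFile", "WriteFile"}

# Assumed key/path patterns behind each signature (Procmon path syntax).
REGISTRY_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Checks installed software on the system",
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\"
                r"CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Checks whether UAC is enabled",
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
                r"Policies\\System\\EnableLUA$", re.I)),
]
FILE_SIGNATURES = [
    ("Drops file in Drivers directory",
     re.compile(r"^C:\\Windows\\System32\\drivers\\[^\\]+$", re.I)),
]

# Constructed Procmon CSV export (not a real trace of the sample).
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","Acunetix Premium Activation Tool.exe","4120","RegOpenKey","HKLM\HARDWARE\ACPI\DSDT\VBOX__","NAME NOT FOUND","Desired Access: Read"
"10:01:02.11","Acunetix Premium Activation Tool.exe","4120","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion","SUCCESS","Type: REG_MULTI_SZ"
"10:01:02.12","Acunetix Premium Activation Tool.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0"
"10:01:02.13","Acunetix Premium Activation Tool.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA","SUCCESS","Type: REG_DWORD, Data: 1"
"10:01:02.14","Acunetix Premium Activation Tool.exe","4120","CreateFile","C:\Windows\System32\drivers\dropped.sys","SUCCESS","Desired Access: Generic Write"
"10:01:02.15","Acunetix Premium Activation Tool.exe","4120","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop","SUCCESS","Type: REG_SZ"
"10:01:02.16","explorer.exe","1288","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion","SUCCESS","Type: REG_MULTI_SZ"
'''


def classify(operation, path):
    """Return the signature name an (operation, path) pair satisfies, or None."""
    if operation in REGISTRY_OPS:
        table = REGISTRY_SIGNATURES
    elif operation in FILE_WRITE_OPS:
        table = FILE_SIGNATURES
    else:
        return None
    for name, pattern in table:
        if pattern.search(path):
            return name
    return None


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of row dicts keyed by header."""
    return list(csv.DictReader(io.StringIO(text)))


def match_signatures(rows, process=SAMPLE_PROCESS):
    """Group matching events of one process by signature name."""
    hits = defaultdict(list)
    for row in rows:
        if row["Process Name"] != process:
            continue  # ignore other processes on the analysis VM
        name = classify(row["Operation"], row["Path"])
        if name:
            hits[name].append(f'{row["Operation"]} {row["Path"]} -> {row["Result"]}')
    return dict(hits)


if __name__ == "__main__":
    for name, events in match_signatures(parse_procmon_csv(PROCMON_CSV)).items():
        print(name)
        for event in events:
            print("   ", event)
```

A NAME NOT FOUND result on the VBOX__ key is itself informative: the sample asked the question, and on real hardware the key is absent, so the query rather than the answer is the indicator. The Themida, AutoIT and NtSetInformationThread signatures are static or API-level findings and do not appear in a registry or file trace, so they are out of scope for this script.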

MITRE ATT&CK Enterprise v15

Tasks