General

  • Target: luLA67.exe
  • Size: 21.4MB
  • Sample: 240617-ylxfyswcnj
  • MD5: c3e6b454175b34a1029bc2baf954229f
  • SHA1: f3d96667359681efef4417ae28200681777faa36
  • SHA256: 53cb0631e8ab9afb1098fec83d46fd63b535013d64be8b53481432fe3af00772
  • SHA512: 3ace265d05911ad374ce241f830a789e975e1721da32091925c53ad9d914cb63c37f659ddda5f0de24faadd5317db4bbad6c557966b9b2d5961e91491130d1de
  • SSDEEP: 393216:gwLjQQK4a0g8hnNIdQc4kNbXaB1FfZM7uqMRzReObOpD/ECkfWfTp8QAZOoRh3cy:gg8B0XhNiQe5GWMRzReeOprAubp8F3n1

Malware Config

Targets


    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks