General

  • Target

    ma_perm.exe

  • Size

    26.0MB

  • Sample

    240618-azgqnavarj

  • MD5

    eb990ea0e33cf7a00a866c0429bab52c

  • SHA1

    94caa1a5ac044d0a37c88d77d7ab08b4f1f5dc3f

  • SHA256

    5a18ee2a12d34db4527f08b5ec29d8f2ea9cbd2c4121ddc3dbe3b04282eea6df

  • SHA512

    038066bdf091e4debf5ef3bfefe51aa2852eedde05e096e7949d9fca10523eec385e5d873fe3c98ead2f9e1804ed0144c7852da7916d623e36052485245355bc

  • SSDEEP

    786432:rahwU+Pz7ah3RGwRIVpCc4VTbdL++TKXgMUnN1IG77d:Ghw76BGwRIVp94VvdL++TxMUnNaA

Targets

    • Target

      ma_perm.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
