General
Target: 1c733ad7ed4f89826d675196abcc3a6133bb8f67c69d56e5fcb601ad521ff9f8
Size: 3.6MB
Sample: 240620-2jgjhavcjp
MD5: 864d1a4e41a56c8f2e7e7eec89a47638
SHA1: 1f2cb906b92a945c7346c7139c7722230005c394
SHA256: 1c733ad7ed4f89826d675196abcc3a6133bb8f67c69d56e5fcb601ad521ff9f8
SHA512: 547a441369636e2548c7f8f94c3972269e04d80ee5a26803cc222942b28e457be908126fb4ff6bfde2a063ea1ef74ecba2aaceb58c68fba5c4fddcea5fbd91d3
SSDEEP: 98304:nroESehXGx5IkVu1f/ihp+t49Rd3iG2dEsL:s3ehXzgiSvGiv3tEj
Static task
static1

Behavioral task
behavioral1
Sample: 1c733ad7ed4f89826d675196abcc3a6133bb8f67c69d56e5fcb601ad521ff9f8.exe
Resource: win7-20240419-en

Behavioral task
behavioral2
Sample: 1c733ad7ed4f89826d675196abcc3a6133bb8f67c69d56e5fcb601ad521ff9f8.exe
Resource: win10-20240404-en
Malware Config

Targets
Target: 1c733ad7ed4f89826d675196abcc3a6133bb8f67c69d56e5fcb601ad521ff9f8 (3.6MB; hashes as listed under General)
Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Downloads MZ/PE file
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Power Settings. powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger (the ThreadHideFromDebugger information class detaches a thread from any attached debugger, a common anti-debugging step)
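The signatures above are what the sandbox saw; a practitioner usually wants the same behaviours as detection logic that can be run over their own telemetry. The block below is an added example, not part of this report or of the sandbox's own rule set: it encodes the Defender-exclusion, service-creation, powercfg and VM-check behaviours as rules and runs them over constructed, sandbox-style events (process command lines and registry reads). The event records, registry key names used as VirtualBox markers, and the ATT&CK technique IDs attached to each rule are assumptions made here, not taken from the report.

```python
"""Rules for the behaviours listed in the sandbox signatures above, run over
constructed sandbox-style events (process creations and registry reads).
Added example; the events are made up and are not this task's event log."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str         # behaviour that matched
    technique: str    # ATT&CK technique ID (mapping chosen here, not from the report)
    event_index: int  # index of the triggering event in the input list
    evidence: str     # command line or registry value that matched


# Command-line rules: (name, technique, regex). One finding per rule per event.
CMDLINE_RULES = [
    ("Defender exclusion added via PowerShell", "T1562.001",
     re.compile(r"(Add|Set)-MpPreference\b.*-Exclusion(Path|Extension|Process)", re.I)),
    ("New service created", "T1569.002",
     re.compile(r"(\bsc(\.exe)?\s+create\b|\bNew-Service\b)", re.I)),
    ("powercfg sleep/hibernate/monitor timeout set to 0", "T1653",
     re.compile(r"\bpowercfg(\.exe)?\b.*-(standby|hibernate|monitor)-timeout-(ac|dc)\s+0\b", re.I)),
]

# Registry-read rules for anti-VM checks (assumed key layout for VirtualBox ACPI tables).
ACPI_VBOX_KEY = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_KEY_PREFIX = "HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM"
BIOS_VALUE_NAMES = {"SYSTEMBIOSVERSION", "VIDEOBIOSVERSION", "SYSTEMMANUFACTURER", "SYSTEMPRODUCTNAME"}
VM_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "XEN", "HYPER-V")


def scan(events):
    """Return a Finding for every event that matches a rule."""
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            for name, technique, rx in CMDLINE_RULES:
                if rx.search(ev["cmdline"]):
                    findings.append(Finding(name, technique, i, ev["cmdline"]))
        elif ev["type"] == "regread":
            key, vname, data = ev["key"], ev.get("name", ""), ev.get("data", "")
            if ACPI_VBOX_KEY.search(key):
                findings.append(Finding("VirtualBox ACPI table key read", "T1497.001", i, key))
            elif (key.upper().startswith(BIOS_KEY_PREFIX)
                  and vname.upper() in BIOS_VALUE_NAMES
                  and any(m in data.upper() for m in VM_MARKERS)):
                findings.append(Finding("BIOS registry value with hypervisor marker", "T1497.001",
                                        i, f"{vname}={data}"))
    return findings


def mitre_summary(findings):
    """Count findings per ATT&CK technique, like the report's ATT&CK table."""
    return dict(Counter(f.technique for f in findings))


# Constructed sample events (not real telemetry). Two benign entries included.
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": "powershell.exe -NoProfile -Command Add-MpPreference "
                                   "-ExclusionPath C:\\ProgramData\\svc -ExclusionExtension exe "
                                   "-ExclusionProcess svc.exe"},
    {"type": "process", "cmdline": "sc.exe create WinSvcUpd binPath= "
                                   "\"C:\\Windows\\System32\\drivers\\winsvcupd.exe\" start= auto"},
    {"type": "process", "cmdline": "powercfg.exe /x -standby-timeout-ac 0"},
    {"type": "process", "cmdline": "powercfg.exe /x -hibernate-timeout-ac 0"},
    {"type": "regread", "key": "HKLM\\HARDWARE\\DESCRIPTION\\System",
     "name": "SystemBiosVersion", "data": "VBOX   - 1"},
    {"type": "regread", "key": "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__", "name": "", "data": ""},
    {"type": "process", "cmdline": "notepad.exe C:\\Users\\user\\notes.txt"},
    {"type": "regread", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
     "name": "ProductName", "data": "Windows 10 Pro"},
]

if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for f in hits:
        print(f"[{f.technique}] {f.name}: {f.evidence}")
    print(mitre_summary(hits))
```

The two benign events produce no findings; the six remaining ones map to the four techniques the rules cover. To use this on real data, replace SAMPLE_EVENTS with process-creation and registry events from your own source and widen the rules (for example other hypervisor strings under the BIOS keys) as your environment requires.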
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter: PowerShell (1)
System Services: Service Execution (1)
Defense Evasion
Modify Registry (1)
Subvert Trust Controls: Install Root Certificate (1)
Virtualization/Sandbox Evasion (1)