General

  • Target

    CL_Installer.exe

  • Size

    4.6MB

  • Sample

    240622-ptwpysybmh

  • MD5

    5daf288e79a1258c4848ce9a2bba01d2

  • SHA1

    60f6c09d653da9f1fcf7af8b9df457173396c62d

  • SHA256

    34a0e42c74687f94b44e9fad9f4ffaaa769ccce60c4a1acccfabc469de29f787

  • SHA512

    b4c035d92086d973c8aca9f8f8121b4ac32625d66006338f68b335432f01ad28f4c08e0916866ff2bdb4fbe4ee3cbf6c07bbfd07ed57b1b058b29d9d5ee3710f

  • SSDEEP

    98304:OcPE5igmLbGMeUaRxcgDxDMMAYBMDk7H0FyL:O2ZdaRx/DxHio7Hmi

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks