General

  • Target

    CL_Installer_protected.exe

  • Size

    5.1MB

  • Sample

    240622-pvvt2sybqf

  • MD5

    d39cf4c5376e86f0f03d36831938708a

  • SHA1

    813bab7361820a4e82c03ee11ff6421a3d90f858

  • SHA256

    63dd1a76533b1d11edf0116c9ce51bce6d851dee19954c0d46b8413befb01790

  • SHA512

    8809117ac6bb7ff5fb7be6b49f294a6822e877e02210be5fd895683ff8fbb5ac3c20e0aba3eef78573e27489a13ab128f42b5f310aa0a6fbf6eb8541adb7a987

  • SSDEEP

    98304:FfVAxIJKvJlUl9N31HTc3XbTliNRP2nT1OAqYBMDk7H0FyL:xCEKBlUPN3icNRcTKo7Hmi

Malware Config

Targets

    • Target

      CL_Installer_protected.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks