General

  • Target

    V3.2.exe

  • Size

    4.3MB

  • Sample

    240625-yb4ghsydnd

  • MD5

    2b86802ae4884bc422909c9d7f736c2f

  • SHA1

    69efb1d653f5e81703e981b204e3ba05670a64bb

  • SHA256

    5e1f53abed4622d7835962655e21c1925b1502d67565c4b90d1e12e04651bb66

  • SHA512

    1dfce903d79f3fd488b738786a9de793f14f34d954507b13b232d721957a91c9ed56154f118ca4921e367ba8c7a41e003135727c948a7f97a45b9eb584b63288

  • SSDEEP

    98304:7vXFWvkybEhqHjUW0+Dpww1PUyo1eaGbvsha/C56a:7wvkyYhqHZlwJyo1edb0hDQ

Malware Config

Targets

    • Target

      V3.2.exe

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks