General
-
Target
558a12bbea133185eb758e5153dd7300N.exe
-
Size
2.6MB
-
Sample
240820-zjyrnsweql
-
MD5
558a12bbea133185eb758e5153dd7300
-
SHA1
bb97348b9bfe7feecdedfd4ae29434d2dfd41136
-
SHA256
05bfc5c5536222b49c8217075b56fe46f941e24a157e0e83523a280e4a9bc3e1
-
SHA512
03d264d9497cf82f435d2f1ed5d4e59eca50edc2b1cc2ffc078080ea3a28af397416d7f92f6fbf4d326e3572561660b863e461a87cb467c64212444580cf59c3
-
SSDEEP
49152:lU5IvAG44oOCdcSzNIJG70V6Do4yV/5mc5aNZJ350zg5bEJ60IZGnpw/YC:lU5G4DOT5JGIVzh/5aZX0zgd0IZGpwV
Malware Config
Targets
-
-
Target
558a12bbea133185eb758e5153dd7300N.exe
-
Size
2.6MB
-
MD5
558a12bbea133185eb758e5153dd7300
-
SHA1
bb97348b9bfe7feecdedfd4ae29434d2dfd41136
-
SHA256
05bfc5c5536222b49c8217075b56fe46f941e24a157e0e83523a280e4a9bc3e1
-
SHA512
03d264d9497cf82f435d2f1ed5d4e59eca50edc2b1cc2ffc078080ea3a28af397416d7f92f6fbf4d326e3572561660b863e461a87cb467c64212444580cf59c3
-
SSDEEP
49152:lU5IvAG44oOCdcSzNIJG70V6Do4yV/5mc5aNZJ350zg5bEJ60IZGnpw/YC:lU5G4DOT5JGIVzh/5aZX0zgd0IZGpwV
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
1