General
Target: Scythex.exe
Size: 3.7MB
Sample: 240824-s6kd8sxcld
MD5: c74ce0953870900a8e52e1630f4148c7
SHA1: c6b512522cbba0e5c4ce1a3de50553f28ed342af
SHA256: db70498abcc8e478a81e73ce38fa525adbf301546fc34c1d97bed863431e4d92
SHA512: 740295118a400f1d61220e24369c3c556ae1f6e1fbcf78acf56088a0cfc9b6aecce436797748fe4f8ac6ac072f7d31fe5fd48ff230709b84bbd8b46a40cee62c
SSDEEP: 98304:X/EuniDTqqmOaii5QRfe0cXJRsGsjcW/H6:vRQmOaiiSe1XJRstFa
Behavioral task: behavioral1
Sample: Scythex.exe
Resource: win7-20240708-en
Malware Config
Targets
Target: Scythex.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger