General

  • Target

    downloader.exe

  • Size

    70.1MB

  • Sample

    240827-q1g1tatcjg

  • MD5

    1e7167175840eea72194bf4b686128af

  • SHA1

    e19590ed9201cf5c80fad6dba45550115b577350

  • SHA256

    a6a87d0bb1f5d284a1135037ca0ec0ab2a2d1fd6f5b80d2738514877a8254ab2

  • SHA512

    d59809f1eb99a2c381985e21c81b3401abb716f7cf1caabede413194b50d41cd679c8a23b3bba27dd3306fde724345bb314a87dd5a6584a70940ab0bf3e08811

  • SSDEEP

    393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qEsGg4GUo3Nt:lWoI7zGi5ahWc3Im7

Targets

    • Target

      downloader.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose the hypervisor's OEM ID in the ACPI table subkeys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT); reading them is a cheap way to detect a VM before the payload runs.

    • Checks BIOS information in registry

      BIOS version strings (typically SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) carry the firmware vendor name, which in a sandbox is usually the hypervisor's, so they are often read to detect analysis environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

      UAC state is read from the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; a value of 0 means UAC is off and a privileged follow-on stage will run without an elevation prompt.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events from the calling thread from reaching an attached debugger, a standard anti-debugging trick that commercial protectors also use.

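The three registry-based host checks flagged above (VirtualBox ACPI OEM IDs, BIOS version strings, UAC state) reproduced as a script, so an analyst can see which values a stock analysis VM gives away and run the same checks on a live host. This is an added example, not code recovered from downloader.exe or produced by the sandbox; the two snapshot dictionaries are constructed, the VirtualBox strings in them are typical values rather than ones observed in this run, and the winreg collection only works on Windows. The NtSetInformationThread check is not a registry read and is not covered here.

```python
"""Reproduce the registry-based host checks flagged for downloader.exe
(VirtualBox ACPI values, BIOS strings, UAC state) against a snapshot of
registry data. Added example, not code from the sample; the snapshots
below are constructed and the VirtualBox strings are typical, not observed."""
import sys

# Well-known registry locations behind each signature.
ACPI_KEYS = (r"HKLM\HARDWARE\ACPI\DSDT", r"HKLM\HARDWARE\ACPI\FADT", r"HKLM\HARDWARE\ACPI\RSDT")
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
# Vendor strings hypervisors leave in ACPI OEM IDs and BIOS version strings.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "XEN", "PARALLELS")


def _strings(value):
    """Normalise REG_SZ (str) and REG_MULTI_SZ (list of str) to a list."""
    return [] if value is None else [value] if isinstance(value, str) else list(value)


def acpi_hits(snapshot):
    """(key, OEM ID) pairs where an ACPI table subkey names a hypervisor."""
    return [(key, sub) for key in ACPI_KEYS
            for sub in snapshot.get(key, {}).get("subkeys", [])
            if any(m in sub.upper() for m in VM_MARKERS)]


def bios_hits(snapshot):
    """(value name, string) pairs where a BIOS version string names a hypervisor."""
    values = snapshot.get(BIOS_KEY, {}).get("values", {})
    return [(name, s) for name in BIOS_VALUES for s in _strings(values.get(name))
            if any(m in s.upper() for m in VM_MARKERS)]


def uac_enabled(snapshot):
    """EnableLUA as a bool, or None when the value is absent from the snapshot."""
    v = snapshot.get(UAC_KEY, {}).get("values", {}).get("EnableLUA")
    return None if v is None else bool(v)


def fingerprint(snapshot):
    """Combine the checks the way an anti-analysis routine would."""
    acpi, bios = acpi_hits(snapshot), bios_hits(snapshot)
    return {"looks_virtual": bool(acpi or bios), "acpi": acpi, "bios": bios,
            "uac_enabled": uac_enabled(snapshot)}


def collect_live_snapshot():
    """Read the same locations from the running host (Windows only)."""
    import winreg  # stdlib, only present on Windows
    rel = lambda full: full.split("\\", 1)[1]  # drop the HKLM\ prefix

    def subkeys(path):
        names = []
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
            try:
                while True:
                    names.append(winreg.EnumKey(k, len(names)))
            except OSError:  # index ran past the last subkey
                pass
        return names

    def values(path, wanted):
        out = {}
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
            for name in wanted:
                try:
                    out[name] = winreg.QueryValueEx(k, name)[0]
                except OSError:
                    pass
        return out

    snap = {}
    for key in ACPI_KEYS:
        try:
            snap[key] = {"subkeys": subkeys(rel(key))}
        except OSError:
            pass
    snap[BIOS_KEY] = {"values": values(rel(BIOS_KEY), BIOS_VALUES)}
    snap[UAC_KEY] = {"values": values(rel(UAC_KEY), ("EnableLUA",))}
    return snap


# Constructed snapshot resembling a stock VirtualBox guest with UAC on.
VBOX_GUEST = {
    **{key: {"subkeys": ["VBOX__"]} for key in ACPI_KEYS},
    BIOS_KEY: {"values": {"SystemBiosVersion": ["VBOX   - 1"],
                          "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0.12 VGA BIOS"]}},
    UAC_KEY: {"values": {"EnableLUA": 1}},
}
# Constructed snapshot resembling physical hardware with UAC switched off.
BARE_METAL = {
    **{key: {"subkeys": ["LENOVO"]} for key in ACPI_KEYS},
    BIOS_KEY: {"values": {"SystemBiosVersion": ["LENOVO - 1380", "N2HET61W (1.44 )"],
                          "VideoBiosVersion": ["Intel Video BIOS"]}},
    UAC_KEY: {"values": {"EnableLUA": 0}},
}

if __name__ == "__main__":
    for label, snap in (("VirtualBox guest", VBOX_GUEST), ("bare metal", BARE_METAL)):
        print(label, fingerprint(snap))
    if sys.platform == "win32":
        print("this host", fingerprint(collect_live_snapshot()))
```

Run it inside the analysis VM to see which of the listed indicators the guest exposes; every hit is a value the sample's checks can trip on, and the usual hardening is to rename the ACPI OEM ID and overwrite the BIOS strings at the hypervisor level rather than editing the registry, since the latter is reset on reboot and visible as tampering.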
MITRE ATT&CK Enterprise v15

Tasks