General

  • Target

    notepad (3).exe

  • Size

    7.7MB

  • Sample

    240827-q4n9asvgml

  • MD5

    e52f0ace43475675ba896dcbddfbb22e

  • SHA1

    b970e159b2725009c5264ae47b342b4cba3aba90

  • SHA256

    7b76e74675faade8a29af7beda7faed381bb4fbbe72304e4c6e0de8b3a903ec6

  • SHA512

    974b98519d1c6a047453960eeaac49c647040f45e6a872396b20e37d4731f9b97341bca6123b71cf82bc3caa10b751c3bded8d3c3ff483cdcfa6c2de5a869a67

  • SSDEEP

    196608:XK30CUWcUG4raKu24YY7HVT4hV0AD6QgqKRgX:a30WmKr4YYH+EUWpgX

Targets

    • Target

      notepad (3).exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
