General

  • Target

    notepad.exe

  • Size

    7.7MB

  • Sample

    240827-q55yfatela

  • MD5

    308076a3c4302e9b4222c8acbf16d4df

  • SHA1

    c5859a06ae6a5f39477ecee29bddd29d85665e92

  • SHA256

    045eeb206a8c81482668ca5179c38f8378d077eedcc26ea50d70fa217e358f86

  • SHA512

    8bd107af9200258267928949766216800e7c716d87ceb3798ad8b0c3eff8e266bc5a1f517306fc2d0891267dceb1592fce4693f8dcc2a7e0a858a15b0981cfa7

  • SSDEEP

    98304:BVh/iB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD89:BcUG4raKu24YY7HVT4hV0AD6QgqKRgX

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
