General

Target: Nursultan Alpha (prem)_protected.exe
Size: 3.3MB
Sample: 240829-prjbvatdnr
MD5: 668f721351918eb28387e2a7eeb3cb38
SHA1: abd6a58f5a63ab5e0ef5b5c53b049eff6f9c03f7
SHA256: 3e8bb255ae08068c909c67d331dfdd92e5ea0b572145d6f7dd7eb67b236b80c0
SHA512: 7760b9c8f8e0ba3085d2533822a083706e02d3b14c7d46de02905e65fbc96e65c8b42e4c3e97f3fa7cd2f9547ab14953202f7173f4f3360cb2bbb673cc7a53ef
SSDEEP: 98304:LC32Ejo4Phne5FyzECFk8l0o2r4aGYpzgJT:LcKq5e5kvFT0/4ah0N
Malware Config

Extracted family: phemedrone
Extracted C2 endpoint: https://api.telegram.org/bot7322165665:AAFyOklLwRDgUWXVHyXw6ZlECDoQ6pM7WQ0/sendDocument
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger