General

  • Target

    HAZ_Unlocker.exe

  • Size

    33.3MB

  • Sample

    240903-nmlqqswgrg

  • MD5

    fdc60622dd3320e1b1cda60458b69445

  • SHA1

    d4e73049205b82884ca272ba2a5335eae7187cf6

  • SHA256

    a1dab11543bd6cd8c221078b152957257b4056fefb431709002441eb22f971f3

  • SHA512

    b6af0a9173c7c11e7ea4b5084275bf3fd6421282ac34ec9fbcc9fd789743c0442ab3298916320057a83b4a229eaf9ad24e0bb8304caf79c4a0d93fca7b9d9791

  • SSDEEP

    786432:gFSA+9GoeHNzPzqU6xf0LcaJMnh9xgJs9TNrIx/CE:TP9XQGoissZNrIxp

Targets

    • Target

      HAZ_Unlocker.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
