9f60a00eedeee1b382a1ee47209c8c056a4ebbfbf45726aaa1f0909371b3ca9e

Sharing

Copy URL Twitter E-mail

General

Target

NewLoader.zip
Size

105.3MB
Sample

240914-zwppjawfpa
MD5

cb3d9f5ad95dbcb0507af2b08730ad9f
SHA1

9512bbb12fc919f1338069df5677829d09b646e0
SHA256

9f60a00eedeee1b382a1ee47209c8c056a4ebbfbf45726aaa1f0909371b3ca9e
SHA512

3e547ab95a505013c63af5bf713493cced0dd63e6e66ec346df00e4181457137f9b3fb420db5bec246907e1ed07bf0e54d22615c8e4d4cebc938b90c9b820d75
SSDEEP

3145728:2LgO9FPp8U4Um3oV79RkBMxRUqv6Z/gGotPJhIy:Kg+lp8Um4Ve+ViVePF

Score

9^/10

Malware Config

Targets

- Target
  
  NewLoader.zip
- Size
  
  105.3MB
- MD5
  
  cb3d9f5ad95dbcb0507af2b08730ad9f
- SHA1
  
  9512bbb12fc919f1338069df5677829d09b646e0
- SHA256
  
  9f60a00eedeee1b382a1ee47209c8c056a4ebbfbf45726aaa1f0909371b3ca9e
- SHA512
  
  3e547ab95a505013c63af5bf713493cced0dd63e6e66ec346df00e4181457137f9b3fb420db5bec246907e1ed07bf0e54d22615c8e4d4cebc938b90c9b820d75
- SSDEEP
  
  3145728:2LgO9FPp8U4Um3oV79RkBMxRUqv6Z/gGotPJhIy:Kg+lp8Um4Ve+ViVePF
Score

1^/10
behavioral1
- Target
  
  LoaderDownloader.exe
- Size
  
  592KB
- MD5
  
  f25f8c6de26e307e7c49936c880b0ac7
- SHA1
  
  7e154481d7a98aa7c6d4c9fd0ed2e9399623704a
- SHA256
  
  c8f2d4f58c3a7cf294d8e2a57a1e14047db191c126b6806c347f2ab9a3ea4dd0
- SHA512
  
  43ef0f1c9563acd5627e6839efb6387b771d35dbd235e7cb87f76ed06f3b8e76f6033b213fb9cae88272930697834d746a3d06d7be24a04da6a5828a5168b3b2
- SSDEEP
  
  12288:XTPHl0zka+1bz11XXCL+OzL5ybnG22xATL4jQB:jPHl0zka+1n11XXo+OzL5ybnG22uz
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2
- Target
  
  RivaTuner.zip
- Size
  
  22.6MB
- MD5
  
  08b28f05d55e03402a21f91380a51977
- SHA1
  
  574556624b246d31ede2ca559107a9d0e5ade927
- SHA256
  
  3665be0835815d6c02d39dcdec81168120ef081e7de1468fa2b2ec8fc7cec7ed
- SHA512
  
  96c6a4021011cec350156f70ab2239a05957948afc00af583fd6539278df1bc94613cb44e9bde1c0f749f75ba3c39be2afa7cfdf09c44e957b552c102a821e58
- SSDEEP
  
  393216:EMHmwJjySayTuOhbZdQ9L4hIlvVbRQApfolim4sTBEJP2YJ2WqcQWfKSZy2sT1YS:dtJGSayTfhFdQZRl1VAliV2YJ+cQWfBo
Score

1^/10
behavioral3
- Target
  
  VenomLoader.pdb
- Size
  
  7.0MB
- MD5
  
  29ac5338eede0d2189746832d0c999af
- SHA1
  
  29a8a044672fe5b04dbc08b3728ab0e005234c3e
- SHA256
  
  15fdca80a9fa304e5b93d038acc87fcd08fac4af6c5e9cbfcd167c4db9d25146
- SHA512
  
  020fdc082324f916b975413d23c75dd296a43b6721aaad2ed505a3b684d09f3bbdb0dcbcedaff9990d8475f5527768a1c8fb9fd96874e266cc09e45e3da8cf34
- SSDEEP
  
  49152:XOR9/IBdBFoGNTMed56aJsK9haTdk5hQreZ9rdGcK2C:5FJMedTsK9haacrmrdGctC
Score

3^/10
behavioral4
- Target
  
  api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  24KB
- MD5
  
  0485c463cd8d2ae1cbd42df6f0591246
- SHA1
  
  ea634140905078e8f687a031ae919cff23c27e6f
- SHA256
  
  983f4d4c7b7330e7f5f091080c1e81905575ebccd97e11dff8a064979ec8d9b8
- SHA512
  
  ddf947a1b86c3826859570a3e1d59e4ec4564cfcf25c84841383a4b5f5ad6c2fe618078416aed201fb744d5fbd6c39dab7c1e964dd5e148da018a825fcc0044a
- SSDEEP
  
  384:WruyxWfhWMLm0GfeQ1MgKlx+YY30Jl0huSwp+M:PlRhg8Ihep+M
Score

1^/10
behavioral5
- Target
  
  api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  20KB
- MD5
  
  e48a1860000fd2bd61566e76093984f5
- SHA1
  
  aa3f233fb19c9e7c88d4307bade2a6eef6518a8a
- SHA256
  
  67bbb287b2e9057bf8b412ad2faa266321ac28c6e6ba5f22169e2517a3ead248
- SHA512
  
  46b384c45d2fe2b70a5ac8ee087ba55828a62ccab876a21a3abd531d4de5ec7be21ff34b2284e0231b6cf0869eba09599c3b403db84448f20bd0fff88c1956d5
- SSDEEP
  
  384:WyWfhW8Lm0Gf4dv0l9K8Hfy41MgKlx+YV:gNRBuafg8V
Score

1^/10
behavioral6
- Target
  
  api-ms-win-crt-filesystem-l1-1-0.dll
- Size
  
  22KB
- MD5
  
  1193f810519fbc07beb3ffbad3247fc4
- SHA1
  
  db099628a19b2d34e89028c2e16bc89df28ed78f
- SHA256
  
  ab2158fe6b354fb429f57f374ca25105b44e97edcbdc1b752650d895dadd6fd1
- SHA512
  
  3222a10c3be5098aca0211015efe75cfbcd408fd28315acedd016d8f77513f81e207536b072001525965635da39c4aae8ef9f6ad367f5d695de67b1614179353
- SSDEEP
  
  384:W3q6nWm5CpWfhWNLm0Gf3Jl0huSwJ+Ruh91MgKlx+YV:l6nWm5Ce4RVheJUUwg8V
Score

1^/10
behavioral7
- Target
  
  api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  a22f9a4cbd701209842b204895fedf37
- SHA1
  
  72fa50160baf1f2ea2adcff58f3f90a77a59d949
- SHA256
  
  2ee3d52640d84ac4f7f7ddfe748f51baa6fd0d492286c781251222420e85ca97
- SHA512
  
  903755d4fa6651669295a10e66be8ea223cd8d5ad60ebe06188d8b779fef7e964d0aa26dc5479f14aab655562d3c1ef76b86790fb97f991eaf52da0f70e40529
- SSDEEP
  
  384:WTY3eRWfhWILm0Gf/fReAplx4bZak3Jb1MgKlx+YgW:4GtRCaog8gW
Score

1^/10
behavioral8
- Target
  
  api-ms-win-crt-locale-l1-1-0.dll
- Size
  
  20KB
- MD5
  
  ba17b278fff2c18e34e47562ddde8166
- SHA1
  
  bed762d11b98737fcf1d1713d77345ec4780a8c2
- SHA256
  
  c36f5c0ac5d91a8417866dd4d8c670c2192ba83364693e7438282fb8678c3d1e
- SHA512
  
  72516b81606ccf836549c053325368e93264fdebc7092e42e3df849a16ccefa81b7156ae5609e227faa7c9c1bf9d68b2ac349791a839f4575728f350dd048f27
- SSDEEP
  
  384:WyWfhWGLm0Gfdx46gl9iFoQ0E642zlxCHj0:ETRg1Goj0
Score

1^/10
behavioral9
- Target
  
  api-ms-win-crt-math-l1-1-0.dll
- Size
  
  28KB
- MD5
  
  c4cac2d609bb5e0da9017ebb535634ce
- SHA1
  
  51a264ce4545a2f0d9f2908771e01e001b4e763e
- SHA256
  
  7c3336c3a50bf3b4c5492c0d085519c040878243e9f7d3ea9f6a2e35c8f1f374
- SHA512
  
  3b55bdbc5132d05ab53852605afe6ed49f4b3decdde8b11f19a621a78a37d98c7aeaaa8c10bf4565b9b50162816305fa5192ee31950a96dc08ae46bfc6af4ffe
- SSDEEP
  
  384:WSQUbM4Oe59Ckb1hgmLVWfhWFLm0GfBOeAplx4bZe1TTTXZl1OS:vRMq59Bb1jycR5aCUS
Score

1^/10
behavioral10
- Target
  
  api-ms-win-crt-multibyte-l1-1-0.dll
- Size
  
  28KB
- MD5
  
  0d19e7c415f72971239ca241fd960810
- SHA1
  
  682869cf2eb6f998d5ab50cc892383c9073e4646
- SHA256
  
  d0e566797a5861a745a8f46e1f79ff56185f7c64ce10623dad4700f8e410d94f
- SHA512
  
  f03a27e5d8c2c833df0b3e7531fd95cef507acd82dd72078377a7d54e2acd0284276b1f1f7406b2045899d29a6e04c26e061b37fcb9fc293626515247bd19f2b
- SSDEEP
  
  384:WFy+Kr6aLPmIHJI6/CpG3t2G3t4odXLVWfhWdLm0Gf+pJl0huSwJARzjy2ZlxrX1:8ZKrZPmIHJI6kQRZGheJAdbH
Score

1^/10
behavioral11
- Target
  
  api-ms-win-crt-runtime-l1-1-0.dll
- Size
  
  11KB
- MD5
  
  894e538fbd29d9af2dac82abbb798aa8
- SHA1
  
  3c28b3063ce80b3fd61e0afc6934e3180f5bef12
- SHA256
  
  b12679d33126d2dcb0cd3625fccf5c3afc40d95c1be36dc55f7471de94929d23
- SHA512
  
  32ad7f4ba21c7ec47b374ed776cc1662de23a955a00aab509d9b82a9f4aa4b46580933c3382a1cffa526d93af686013104ca1d8d50ab3bab02a291e64b88a884
- SSDEEP
  
  192:+aajPrpJhhf4AN5/KiZWshWPBBbJz8Gjdv6suAH/7gq:+lbr7vWshWpB7dysuzq
Score

1^/10
behavioral12
- Target
  
  api-ms-win-crt-stdio-l1-1-0.dll
- Size
  
  26KB
- MD5
  
  5df2410c0afd30c9a11de50de4798089
- SHA1
  
  4112c5493009a1d01090ccae810500c765dc6d54
- SHA256
  
  e6a1ef1f7c1957c50a3d9c1d70c0f7b0d8badc7f279cd056eb179dc256bfefda
- SHA512
  
  8ecb79078d05d5b2a432f511953985b3253d5d43d87709a5795709ee8dbca63c5f1166ed94d8984c13f2ea06adfa7d6b82c6735c23c6e64f2f37a257066864e6
- SSDEEP
  
  384:WnZpFVhXWfhW2Lm0Gfi3RKllGBwLeb+Jl0huSwpSs:a+rRlkLelhepSs
Score

1^/10
behavioral13
- Target
  
  api-ms-win-crt-string-l1-1-0.dll
- Size
  
  26KB
- MD5
  
  aacade02d7aaf6b5eff26a0e3a11c42d
- SHA1
  
  93b8077b535b38fdb0b7c020d24ba280adbe80c3
- SHA256
  
  e71d517e6b7039437e3fc449d8ad12eeeca0d5c8ed1c500555344fd90ddc3207
- SHA512
  
  e02fcbcb70100f67e65903d8b1a7e6314cabfb0b14797bd6e1c92b7bcb3994a54133e35d16da0a29576145b2783221330591526f856b79a25c0575fc923985a6
- SSDEEP
  
  768:96S5yguNvZ5VQgx3SbwA71IkFD7RwL9il:9l5yguNvZ5VQgx3SbwA71IEVwL9il
Score

1^/10
behavioral14
- Target
  
  api-ms-win-crt-time-l1-1-0.dll
- Size
  
  14KB
- MD5
  
  437b1f0308340db8c5d0d7f3c72706d7
- SHA1
  
  c341a5d909855e08ac56fbfc627c61e941f7f7e7
- SHA256
  
  77f3c912052578780f06d6f63cd3feec925f9c20c5f0218dac9e9c0950644614
- SHA512
  
  f622c662aa90d1f3c3a5cb316385b17dabe8ac201bba07d8da3b8df8d96fd298ed39b651b4eba1c116ad9c1c26b17a2dd32400b256dc30b5b3bcdb1d7d87fc89
- SSDEEP
  
  192:Xy5NDSWYhWvVKU/3XjDBQABJjxOMAus/qnajVMWdjdY8:XU0WYhWtKmXjDBRJlOa0lxBjL
Score

1^/10
behavioral15
- Target
  
  api-ms-win-crt-utility-l1-1-0.dll
- Size
  
  20KB
- MD5
  
  9b622ca5388b6400705c8f21550bae8e
- SHA1
  
  eb599555448bf98cdeabc2f8b10cfe9bd2181d9f
- SHA256
  
  af1e1b84f066ba05da20847bffd874d80a810b5407f8c6647b3ff9e8f7d37863
- SHA512
  
  9872f54ac744cf537826277f1c0a3fd00c5aa51f353692c1929be7bc2e3836e1a52cab2c467ba675d4052ac3116f5622755c3db8be389c179f7d460391105545
- SSDEEP
  
  384:WOf9WfhW3Lm0GfZE8xlZWWkiJ1zw8xlZWWkip//7:1faeRviIiN
Score

1^/10
behavioral16
- Target
  
  chrome_100_percent.pak
- Size
  
  761KB
- MD5
  
  32507a827c7ad2257cd6bfbfe8512091
- SHA1
  
  82d5b64db1958008082800b55f61f23015179aec
- SHA256
  
  9b48a24b66e1ac27dad2e36416e47e04f4d6fc1516bc3be02cedeaf25e7c4376
- SHA512
  
  e3d5d4af0f2b7b322d0476540b262aaeadd823633bc5d4d7141f9ab96c892df562ae721cc3b7b8db89099593f6917671ff63ea1768687b4584e07f98e328df50
- SSDEEP
  
  12288:CN8I3HWOnJGgsz5B0GDJQrnKs8SNP+QSsBilMxjPvQj+0tibOW+p6yIACoORehrQ:I3h0zEEmPLBnxj3G+0of+IZoORes
Score

3^/10
behavioral17
- Target
  
  chrome_200_percent.pak
- Size
  
  1.3MB
- MD5
  
  411424bc9cd788ac6a90ad8a13a74ef8
- SHA1
  
  ffa42ea686b1df9d43b29496b6a54424d2c7a97a
- SHA256
  
  61d5574cfd63b69468e69354839a0b43d18cd819c5dc635c327c5d735a32a5fc
- SHA512
  
  2ffb3fad133f6b120264753691a87e633efa5e3bca80a93545eede4e1fbd3182b09d3b060ca81891eaef8bc597a92721c899238bd2f8dc9bb1136ed152a951ec
- SSDEEP
  
  24576:e13DjW3zkmmibkFR8+mZe/BK6eQQ4U3qCZ699wV/QtGHbafw6ebioL4:e13DS3YmNbkFRJmXQdUaC1/Q4mwjba
Score

3^/10
behavioral18
- Target
  
  chrome_elf.dll
- Size
  
  1.1MB
- MD5
  
  ae09154e4099751991fc176508d488cd
- SHA1
  
  1b17b50a099d9d17b02266bbae898cff777b6a34
- SHA256
  
  8199e22122af41b1a5f4e4c3db87fea555b31eacbe3bf408b97e90f873a912b2
- SHA512
  
  c647f927dff9f8335546f455be5d81b29a0fa571b7e575955278edca43be66e25b82b9fed61542237bb899d58af5e7837d0ab3becc2c8e58fc0abaaf0060eb74
- SSDEEP
  
  12288:ljfGxUmv4ZP5QR3O0OCBdV/ISS3eZ48CSGVWieB59at6yel5+nfoXyGJE:ljCUmvAP5KzV/ISS3p8Nigqt62
Score

1^/10
behavioral19
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.1MB
- MD5
  
  222d020bd33c90170a8296adc1b7036a
- SHA1
  
  612e6f443d927330b9b8ac13cc4a2a6b959cee48
- SHA256
  
  4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3
- SHA512
  
  ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6
- SSDEEP
  
  49152:D5EfJYiVk9w6hAPqzag2At6i5K/8Ub6Lg3MEq/NHiQTtVr+5kb62QgdD6zoodr7P:l7iNPWHYE+Bnm8
Score

1^/10
behavioral20
- Target
  
  icudtl.dat
- Size
  
  9.9MB
- MD5
  
  80a7528515595d8b0bf99a477a7eff0d
- SHA1
  
  fde9a195fc5a6a23ec82b8594f958cfcf3159437
- SHA256
  
  6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b
- SHA512
  
  c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459
- SSDEEP
  
  196608:+UGwSv9AAQnt6liXUxR0rHa93WhlU6tcCLhl:+oKlQnAliXUxR0rHa93WhlU6t3Ln
Score

3^/10
behavioral21
- Target
  
  libEGL.dll
- Size
  
  397KB
- MD5
  
  a489110cbbc938b610c8ee0288227e9e
- SHA1
  
  cc8ceb2368249995aec6f1b2c7b65e55cb62da79
- SHA256
  
  2b530d84042badf2f210c7c34315675183a59481e1fea169e001771b62c7fe9d
- SHA512
  
  ecb5b473a011e031379c82af8b8c91e99907db4bcc2ab1dda918e24729ab36b6ca9ae8da885134152039b7f19b3a9ad3fea09aa85e14035d1110373734cd22ec
- SSDEEP
  
  6144:BTJBX5aoK03CgE/o/JdVoTT2rpINipk+Q21TFf:hQ+3CgE/gJLoFSk+Q2b
Score

1^/10
behavioral22
- Target
  
  libGLESv2.dll
- Size
  
  6.5MB
- MD5
  
  254acd66a4a64097c96eff652b877503
- SHA1
  
  fca24951674022f5728492a4d726ddca7e4eab9d
- SHA256
  
  fde7b3feec25801678a474a8349f4ba774c4e4c44571ed84b8c903fdcbfc8918
- SHA512
  
  3b2690c5a1e7d6d43050eaa706e67d25eb993ceecc21ade67a0f41678ea9f90631a07bb9f532eb51c519de01906860161c6ad75f306938dc5ae11a6c0ee8b603
- SSDEEP
  
  98304:MdFsgWhQG8+U7jB/mCalYF2EWDLzI5eSo+:4FsvhQG8+fCh2E0s
Score

1^/10
behavioral23
- Target
  
  libcef.dll
- Size
  
  146.0MB
- MD5
  
  77d47de378d2209a2f5ee276f3f8897d
- SHA1
  
  c28601bf4241f34fd93b29e0c6b99084e02c4e32
- SHA256
  
  6a053ca485b7b9985ef23800bef4fcd9f2509f12e6312740d462eebece2afc7e
- SHA512
  
  3464a61323b252ca6b335af7bc5b719079ada8ec47342a5ec98d3bc58fe6609007b1baba0cb5e75f59a2c2aeba37e1403d405e8f3239dcd1cfe79c404226f76e
- SSDEEP
  
  1572864:YB/SiOKVk0z9p6A5VeJIyuJyU4I+r9eVqR:CSwfhWes
Score

1^/10
behavioral24
- Target
  
  libcurl.dll
- Size
  
  477KB
- MD5
  
  bb00ac5c5296643c7ed5750808c1f41d
- SHA1
  
  af2b89834f626cf33f353d2b6a074a57acfc8041
- SHA256
  
  2bc42deed55d7cf6fd137d45ee9473e1fe7c49ccbe77b2283adbee83f810ba47
- SHA512
  
  0de7d5f6ff43e56e36026601c6088ea3db3a04caa2d73a9d2f88454c9d5abbb2c5ee0c05f36a0f7473590009657449a8b13bb8d0c3f3e4b4ec0adbdd028c6326
- SSDEEP
  
  6144:yVE0U9KcqVF7RobugfRDvaMXBh82FlqASjCpqy7bU+dXVoe/qmy1MIv8UI:y+0mKvnSBd3Sjgp7bUgLZy3
Score

1^/10
behavioral25
- Target
  
  locales/en-US.pak
- Size
  
  256KB
- MD5
  
  90a7c0c53ecda606c48d66eb9621469f
- SHA1
  
  cdb757c84c60b971eed9d174559ee08f943af1ef
- SHA256
  
  205278edc8c3937d6331ff15e6c336c74231c08aed58bfd732719e4acf44617a
- SHA512
  
  d6183fd89c8d4b244aa6ee73687ebe4deb6c9c295ac6889899ad3b9bab6288419b103941d258db92c37de652317739d6f2d400e9eff53c4869c87e6be864cff4
- SSDEEP
  
  6144:06yDoycdOJMD9eWj2VpfaY1bNj5oYlOwi:05N0oML2Vxp5ogOwi
Score

3^/10
behavioral26
- Target
  
  locales/pt-BR.pak
- Size
  
  300KB
- MD5
  
  b0c6bf050ee8560dceb99f7f941b65b5
- SHA1
  
  92d934425e5a6c25ab0676ad82c5265b54bd997b
- SHA256
  
  397d9a4509c3d4b738246ce98ee596075265d4f0082ba277964601881a6001c8
- SHA512
  
  183d0f10f3838866c74be47ba29195258a94a389d36c411e0009b5b8ad5bb299379936b1dcd8a60231c2a679001a1a39d016e570dd283f77cc5c4c91b87afa96
- SSDEEP
  
  3072:km4J20XQmqbd3ieGl4cItfqwNBZBLab+p3b3on5OOTKst4VxLe8VtuP5vN4C5LEr:8hqbk8nNBZBL1jA0ISQ5vOCLE153
Score

3^/10
behavioral27
- Target
  
  msvcp140.dll
- Size
  
  576KB
- MD5
  
  7b92a6cb5d2cad407c457ab12d2b211d
- SHA1
  
  e04020b3448fc6084fa31b7f791f22ff15e31328
- SHA256
  
  3c6a772319fff3ee56d4cedbe332bb5c0c2f394714cf473c6cdf933754114784
- SHA512
  
  b28740c1aca4f0f60a9e4a9ab5a0561af774d977ab6d42a7eea70c9e560c77c50be5d9d869f05d0435e2923f4f600219335d22425807ab23cbbcda75442c4b42
- SSDEEP
  
  12288:RI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRvbQEKZm+jWodEEVhQ:RD89rxZCQEKZm+jWodEEPQ
Score

1^/10
behavioral28
- Target
  
  resources.pak
- Size
  
  6.9MB
- MD5
  
  173b9555acdc5216297e22cc2df6333e
- SHA1
  
  ef1af9153c87d05f7966818e831aa39acc813467
- SHA256
  
  61de556b02795b2048014f3b14406f4900cbeddc651b2b3ff3ec3478ba097ddf
- SHA512
  
  9e55a8082633b29bcf4212ef4b8e5afceaa6e116f5a5a6e8f17c21d4ecd01443fcb1a9978f7819c69030f4da3134585969991cafc82c7fa29a23e06762170da6
- SSDEEP
  
  196608:hyOH1/LLnBnC3HD6pBU0ZE+tLd7XygJhU8skrVRXSRlpKNgjEVa:hyU/n9YD6pBJjdT1sLkrVRcKNgjT
Score

3^/10
behavioral29
- Target
  
  snapshot_blob.bin
- Size
  
  47KB
- MD5
  
  c817c26fcde24223b7a5eb3af447ccae
- SHA1
  
  287f7c2872ceb9b519436774ab16e5f574f69d0b
- SHA256
  
  95d8babda33020e626b427d85df85016f381e97edff0f8ec702e74d01b9429b1
- SHA512
  
  04d8031c3b66da65b1547a42e2a2f69d9f4173db2cd9d1690a35e2bc8cb29d6ca8d30181797bdd291cda261aae374df58e7e4b0a91b799335ba2de27d2fad81c
- SSDEEP
  
  768:zjZPM4eOicTrfFNpTqz6MNRLAFvJ2q+VaqytV+LW5N2qJobF8OEYsNmEb:zlrJTqzPRLAFR2TVsgLW5NkSO/sDb
Score

3^/10
behavioral30
- Target
  
  v8_context_snapshot.bin
- Size
  
  161KB
- MD5
  
  3f6caed84167e686ff056986a391dbf8
- SHA1
  
  5dd909d3fd30fca1054f74d6c915cc374c68bf7d
- SHA256
  
  2d99bc3ef6ecce5b15fd8f980f45c1c13442b205a0735207eb9cb05103e17c2e
- SHA512
  
  f14d81c3ad9110bb9a93dfde90cb0d9a7451e5260c7a7c21c0137a3a9f24e022b6c25b436a6d542c53a696ac15229aae709f7e60bb51ef2dc06a4e7cc7a183eb
- SSDEEP
  
  3072:Nw86zaSeccWVJRh0BatV7uo3o8YqGVCtFuR34NjFNjrs+gg7mGo:C8PccWX0BatV7DYqSw7jBZgMml
Score

3^/10
behavioral31
- Target
  
  vcruntime140.dll
- Size
  
  99KB
- MD5
  
  7a2b8cfcd543f6e4ebca43162b67d610
- SHA1
  
  c1c45a326249bf0ccd2be2fbd412f1a62fb67024
- SHA256
  
  7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
- SHA512
  
  e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8
- SSDEEP
  
  1536:sC6b39cL/iRDhXq4GZLAy10i5XNC83tTPw98APXbxecbSQ25I4I/Cq:sVPphXq30yvXL5APbxecbSDu
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32