General
Target: Checkm8.info_Software_5.2.1_win.zip
Size: 149.6MB
Sample: 240922-yp19bavfnr
MD5: b693e05e87ef2d43c1bd70d850d41c7c
SHA1: 289bb62b2741437153e501740d796425957f9040
SHA256: 57e3dd38216d55e7f71e20580ec8cf806501bf13ebef7043c11596719f4666c5
SHA512: 78e32b15007330ed0027f20b4729a14e2e51a82208ce0c3d3792a3fcb629bace263ab8779800f33b0bd02feaeb6be860ce29c3905ccf43ca3497049e0b2680a6
SSDEEP: 3145728:oWIUTjvtdjupkXsCsWT9Py9GWZsFi8qjTd/HTQg/MyTB/C3bD7IsTzvo0FmVIKI:oWIQtpupEsCsWRQG2sFdqHdt0Qa7IsHt
Static task: static1
Behavioral task: behavioral1
Sample: Checkm8.info Software.exe
Resource: win11-20240802-en
Malware Config
Targets
Target: Checkm8.info Software.exe
Size: 153.2MB
MD5: 179814f79366e207795be377253a3c51
SHA1: 2442b8e3af558da13ab361ef2b0aca3ede8cf09a
SHA256: 1331e7d924be8fd46e70a051fb978b935de4a4e2d792a25dcd1274556012566e
SHA512: 5a51a93a22b0640d79bd5e5ee98454add613a5ef1111fece30ea48662da6b9cf45607098949098c5051991a84594e6278e7fd7d152386af316c8b18195a07740
SSDEEP: 3145728:iK/uTmMTIdJQke9jZdKaCp5CECqAW6oZ6AsBY/lwMD8iaffDe0/wDe0/0XUm/:icMTITQke9jrKaC3CEpT6oOmyKqDe04m
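Before analysing either artefact, confirm that the bytes on disk are the ones this report describes: the archive and the extracted executable are listed with separate digests above, and a re-packed or modified copy will match none of them. The script below is an added example, not part of the report or of the sandbox that produced it. It reads a file once, feeds every chunk to all four digest algorithms listed above, and reports which listed target (if any) the file matches. SSDEEP is omitted because it needs a third-party library; the target names and the `REPORTED` table are copied from this page, everything else is this example's own.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Optional, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report above, keyed by the target name it lists.
REPORTED: Dict[str, Dict[str, str]] = {
    "Checkm8.info_Software_5.2.1_win.zip": {
        "md5": "b693e05e87ef2d43c1bd70d850d41c7c",
        "sha1": "289bb62b2741437153e501740d796425957f9040",
        "sha256": "57e3dd38216d55e7f71e20580ec8cf806501bf13ebef7043c11596719f4666c5",
        "sha512": "78e32b15007330ed0027f20b4729a14e2e51a82208ce0c3d3792a3fcb629bace263ab8779800f33b0bd02feaeb6be860ce29c3905ccf43ca3497049e0b2680a6",
    },
    "Checkm8.info Software.exe": {
        "md5": "179814f79366e207795be377253a3c51",
        "sha1": "2442b8e3af558da13ab361ef2b0aca3ede8cf09a",
        "sha256": "1331e7d924be8fd46e70a051fb978b935de4a4e2d792a25dcd1274556012566e",
        "sha512": "5a51a93a22b0640d79bd5e5ee98454add613a5ef1111fece30ea48662da6b9cf45607098949098c5051991a84594e6278e7fd7d152386af316c8b18195a07740",
    },
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once and feed each chunk to every algorithm.

    One pass over a 150 MB file instead of four; memory stays at chunk_size.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_stream(f)


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """{algorithm: (expected, actual)} for every digest that differs.

    An empty result means every listed digest agrees, i.e. the same bytes.
    """
    return {
        name: (exp.lower(), actual.get(name, ""))
        for name, exp in expected.items()
        if actual.get(name, "").lower() != exp.lower()
    }


def identify(actual: Dict[str, str]) -> Optional[str]:
    """Name of the reported target whose digests all match, or None."""
    for name, expected in REPORTED.items():
        if not mismatches(actual, expected):
            return name
    return None


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        actual = digest_file(path)
        print(path, "->", identify(actual) or "matches no target in this report")
```

Run it as `python verify_sample.py <file>` on the downloaded archive and on the executable extracted from it; a file that matches none of the targets should not be treated as the sample this report analysed.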
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Manipulates Digital Signatures
  Attackers can alter the registry keys of the Authenticode and Cryptography providers (for example the SIP or trust-provider registrations) so that their own binary is reported as validly signed.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
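Three of the signatures above (VirtualBox ACPI keys, BIOS values in the registry, and modification of signature-trust keys) reduce to pattern matches over the registry operations in a behavioural trace. The script below is an added example, not code from the report or from the sandbox that produced it; it shows how such rules look when run over a few constructed trace lines. The event format (`<API> <key path>[ -> <value name>]`), the rule bodies and the write-only handling are this example's own assumptions; the key paths are the well-known VirtualBox ACPI table names, the BIOS description values, and the CryptSIPDll*/Providers\Trust registrations that signature verification consults.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed events imitating a sandbox registry trace (illustrative, not taken
# from the report above). Shape: "<API> <key path>[ -> <value name>]".
SAMPLE_EVENTS = [
    r"RegOpenKeyExW HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__",
    r"RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System -> SystemBiosVersion",
    r"RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System -> VideoBiosVersion",
    # Reading the PE SIP registration is what every Authenticode check does: benign.
    r"RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} -> Dll",
    # Writing it redirects verification to an attacker-chosen DLL: the real signal.
    r"RegSetValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} -> Dll",
    r"RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
]

# APIs that modify the registry; rules marked write_only ignore everything else.
WRITE_APIS = {
    "RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA", "RegCreateKeyExW",
    "NtSetValueKey", "NtCreateKey",
}

# signature name -> (regex over "<key path>\<value name>", write_only)
RULES = {
    "Identifies VirtualBox via ACPI registry values": (
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", False),
    "Checks BIOS information in registry": (
        r"\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\)?"
        r"(SystemBiosVersion|VideoBiosVersion|SystemManufacturer|SystemProductName)$", False),
    # Only writes count: reads of SIP / trust-provider keys are normal WinVerifyTrust activity.
    "Manipulates Digital Signatures": (
        r"\\SOFTWARE\\Microsoft\\Cryptography\\"
        r"(OID\\EncodingType \d+\\CryptSIPDll\w+|Providers\\Trust\\\w+)\\\{[0-9A-F-]{36}\}", True),
}


class Event(NamedTuple):
    api: str
    path: str
    value: str  # empty when the event names a key only


def parse_event(line: str) -> Event:
    api, _, rest = line.partition(" ")
    path, _, value = rest.partition(" -> ")
    return Event(api, path, value)


def match_events(events: List[str]) -> Dict[str, List[str]]:
    """Return {signature name: [matching trace lines]} for the lines that trip a rule."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in events:
        ev = parse_event(line)
        target = ev.path + ("\\" + ev.value if ev.value else "")
        for name, (pattern, write_only) in RULES.items():
            if write_only and ev.api not in WRITE_APIS:
                continue
            if re.search(pattern, target, re.IGNORECASE):
                hits[name].append(line)
    return dict(hits)


if __name__ == "__main__":
    for name, lines in match_events(SAMPLE_EVENTS).items():
        print(f"{name}: {len(lines)} event(s)")
        for hit in lines:
            print("    " + hit)
```

The write-only flag is the part worth copying into a real rule set: any signed-binary check reads the CryptSIPDll* registrations, so a read-based rule fires on every installer, while a write to those keys (or to the Providers\Trust GUID keys) has no routine explanation and maps directly to the SIP and Trust Provider Hijacking technique listed below.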
MITRE ATT&CK Enterprise v15
Defense Evasion
- Access Token Manipulation (T1134), 1 hit: Create Process with Token (T1134.002), 1 hit
- Hide Artifacts (T1564), 1 hit: Hidden Files and Directories (T1564.001), 1 hit
- Subvert Trust Controls (T1553), 1 hit: SIP and Trust Provider Hijacking (T1553.003), 1 hit
- Virtualization/Sandbox Evasion (T1497), 1 hit