96c4762d494abe04fa78c60d19af178d3a82ee7d75bda3be35d3ef1e5f1225ca

General

Target

O0JH5_NewTextDocument.bat
Size

2KB
Sample

241005-eqyd9syfnc
MD5

1249778163d6bf686b1eb98029fc689b
SHA1

eda466fb3713e0ef8887901036a82a0734b3d47e
SHA256

96c4762d494abe04fa78c60d19af178d3a82ee7d75bda3be35d3ef1e5f1225ca
SHA512

329774fc4a3a8acc91d4366a868323a53053c1e848c84445cadab6ac851df8dea57f16c9d877dd376611ae88c2ce9ea6fcaa970729c36f50859f77988b771a5b

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1291967647767859211/1291972588448514110/ZEN_protected.exe?ex=67020abc&is=6700b93c&hm=7b6c09bd4889de22214c218e9f6bd8b174172db46c5a7b2c5ca6d7b6793fe773

Targets

- Target
  
  O0JH5_NewTextDocument.bat
- Size
  
  2KB
- MD5
  
  1249778163d6bf686b1eb98029fc689b
- SHA1
  
  eda466fb3713e0ef8887901036a82a0734b3d47e
- SHA256
  
  96c4762d494abe04fa78c60d19af178d3a82ee7d75bda3be35d3ef1e5f1225ca
- SHA512
  
  329774fc4a3a8acc91d4366a868323a53053c1e848c84445cadab6ac851df8dea57f16c9d877dd376611ae88c2ce9ea6fcaa970729c36f50859f77988b771a5b
Score

10^/10

execution evasion themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2