General

  • Target

    f8e75a1d29c453ee93f1bbde915b98318ccab3856876063feba2611a66958b59

  • Size

    8.7MB

  • Sample

    241031-k397gswbjp

  • MD5

    91b892a89c0d3b2a411c408b8757beb5

  • SHA1

    3975cf3bb3d8300ee50da45b4ebc3702b9b60426

  • SHA256

    f8e75a1d29c453ee93f1bbde915b98318ccab3856876063feba2611a66958b59

  • SHA512

    065618c293a7597ee8ae7a39aeeee5e822eeda78142ae1e3417e3c8a6f0d80260ed3fa5c7baf1048cd619795f003d2856dd35c0bf0b30f5a06aa9f69ada0cf06

  • SSDEEP

    196608:kddkya/qea8TijDILdvUQOZHlMTyBnRXyP:nyaS8TijD6MV7MTIK

Targets

    • Target

      f8e75a1d29c453ee93f1bbde915b98318ccab3856876063feba2611a66958b59

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
