General

  • Target

    paint.exe

  • Size

    4.3MB

  • Sample

    241031-wpkkfstlbr

  • MD5

    91f58c76697f964e359844b460980bff

  • SHA1

    d943bbf58b25f3bd49393044ba02b8a0bd9c5cd5

  • SHA256

    335182fb927d6ce2bbe800b35997d7e0e6010ce388434c65355c11353b0116f2

  • SHA512

    1af656c10d97d652eccfd01c1d84fccf02e6a59219b7f611987f5241d53e98ed5f44d785609491075f992273ed0359cd56fe1101da3b5596bdb9ceb3d1bc9868

  • SSDEEP

    98304:OfWMn/85jV8kbave4qaI6d3WonyEQ+us76D+iLdkCWdFv:yYkeeI6d3Wy57mLnCFv

Malware Config

Targets

    • Target

      paint.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks