General

  • Target

    modest-menu.exe

  • Size

    8.2MB

  • Sample

    241031-z126estdjb

  • MD5

    1c7c9105edb1977f683f870ae5f23013

  • SHA1

    cc3ddad3a8105c9f4720a5f7abeb90a7ba89341e

  • SHA256

    d4b531d4e32875c7de26018ed07347a9520893ae4ef8a55e9ddf510cbbced5a0

  • SHA512

    7d5c2e0a714dd4de6dbfed4c3b818ac26e1cc3f211ff1af02503c064eeffef33506dfc6f9f2d4f0b27b9929b6141632769a8451849d1e7c9d07915e85a1afe33

  • SSDEEP

    196608:0miuyn5ePOT7ayAED/POi+sPy/+9ZxDmiC3SPQe:0bePoW5CPX+2k3Sh

Malware Config

Targets

    • Target

      modest-menu.exe


    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose a VBOX__ OEM ID under HKLM\HARDWARE\ACPI\DSDT (and the FADT/RSDT siblings); opening or querying those keys is a common VM/sandbox check.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, a commercial Windows protector (Oreans) that obfuscates and virtualizes code and ships its own anti-debug and anti-VM checks, so some of the other signatures here may be raised by the protector rather than by the payload itself.

    • Checks whether UAC is enabled

      Typically a read of the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with ThreadInformationClass ThreadHideFromDebugger (0x11) stops the calling thread from delivering debug events to an attached debugger; this is a well-known anti-debugging technique.
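
The five behavioural signatures above can be reproduced as simple rules over a sandbox's registry and API event log. The Python below is an added example, not the sandbox's own signature code: the registry paths and the ThreadInformationClass value 0x11 are the standard locations these checks use, while the event-record shape and the SAMPLE_EVENTS log are constructed here for illustration.

```python
"""Toy signature matcher for the anti-VM / anti-debug checks in the report.

Added example; not the sandbox's own code. The event-record format is an
assumption, and SAMPLE_EVENTS is a constructed log, not data from the report.
"""
import re
from collections import defaultdict

# ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed sample log mimicking what a sandbox records for the behaviours
# listed above, plus two benign events that must not trigger anything.
SAMPLE_EVENTS = [
    {"type": "registry", "op": "open",
     "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "registry", "op": "query",
     "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"type": "registry", "op": "query",
     "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "VideoBiosVersion"},
    {"type": "registry", "op": "query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "EnableLUA"},
    {"type": "api", "name": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x11}},
    {"type": "registry", "op": "query",                      # benign noise
     "key": r"HKCU\Software\Example", "value": "LastRun"},
    {"type": "api", "name": "NtSetInformationThread",        # ThreadPriority, benign
     "args": {"ThreadInformationClass": 0x2}},
]

# Registry-based signatures: key pattern plus optional value-name pattern.
REGISTRY_SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": (
        re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
        None,
    ),
    "Checks BIOS information in registry": (
        re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System$", re.I),
        re.compile(r"^(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I),
    ),
    "Checks whether UAC is enabled": (
        re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
                   r"\\Policies\\System$", re.I),
        re.compile(r"^EnableLUA$", re.I),
    ),
}


def match_registry(event):
    """Return the names of registry signatures that this event satisfies."""
    hits = []
    for name, (key_re, value_re) in REGISTRY_SIGNATURES.items():
        if not key_re.search(event["key"]):
            continue
        # A value-name pattern only matches query events that name that value.
        if value_re is not None and not value_re.match(event.get("value", "")):
            continue
        hits.append(name)
    return hits


def match_api(event):
    """Flag NtSetInformationThread only when it hides the thread from a debugger."""
    if (event["name"] == "NtSetInformationThread"
            and event["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
        return ["Suspicious use of NtSetInformationThreadHideFromDebugger"]
    return []


def run_signatures(events):
    """Map each triggered signature name to the indices of the events that fired it."""
    report = defaultdict(list)
    for idx, event in enumerate(events):
        matcher = match_registry if event["type"] == "registry" else match_api
        for name in matcher(event):
            report[name].append(idx)
    return dict(report)


if __name__ == "__main__":
    for name, indices in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: events {indices}")
```

The value-name check matters in practice: HKLM\HARDWARE\DESCRIPTION\System is read by plenty of legitimate software, so a rule on the key alone would be noisy, while a read of SystemBiosVersion or VideoBiosVersion specifically is what the BIOS signature is looking for. Likewise NtSetInformationThread is a routine call; only the 0x11 information class is the anti-debugging case.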

MITRE ATT&CK Enterprise v15

Tasks