General

  • Target

    signdestructionmagenta.exe

  • Size

    4.4MB

  • Sample

    241104-bxf7sazhkm

  • MD5

    aab35d4b8bbe147233674dc8de15a96e

  • SHA1

    0a140510da51b5f1650b00c00f30d5efc5046615

  • SHA256

    82a0f4c583d4e2cf1842d2191ff69bd230d8feacd00cee91fc286c2c2cf30993

  • SHA512

    916b5b901a168c336c1ea8143d8054c9b011f2b52b0d21243c5c328777d62ba1b79c4c21b9fe076d2ca7d735c83955ae293555c7108c36c203d731b842dc1a58

  • SSDEEP

    98304:W9uFzWJAEekrC2wek4ahWo7u/FsWtn5w+lQxJkGWNg7QOX+2NTzdJD:W4FzqAirJk4ahW6u/FT55w+lQxOG+uQK

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15