General

Target: b57420ac8259e8bec20f75a174a515f5.bin
Size: 6.1MB
Sample: 241105-y9wjkaxgnh
MD5: b57420ac8259e8bec20f75a174a515f5
SHA1: 71170f2390bad64813425cdc4436898cfe2ad8b0
SHA256: e4c6952ea4b5812039fa6a741b66b151afd1863b926b1697dabe7b5605f4dd5a
SHA512: 14a47c791d6e7cac1c087a7bd43068f4e9bf9bd5ae0086a6e39016c6a4489b2ed8e6b296fbdcdc0d38f41c7d899942ad92c32e8aea9a46c374fc71445c2127ef
SSDEEP: 98304:VeRmIPtRUnaZCS52hb+5wg/pfTEzeAFNb2OkV/FH4MdvDp1WPXuyL:gPtRzQjaWqBYFNCOktBHdvDsv

Static task: static1

Malware Config
Targets

Target: b57420ac8259e8bec20f75a174a515f5.bin
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job: Scheduled Task (1)

Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job: Scheduled Task (1)