General

  • Target

    e2e4269167950f8484107762b3634779c3a556a4e3af66d3e5206b34019100bfN.exe

  • Size

    150KB

  • Sample

    241112-nvbwha1lat

  • MD5

    cfc7d2bdbf1ec7ded14f91a2595b1057

  • SHA1

    3cfcb10da34181168059a0fd20e7fc8def317a64

  • SHA256

    34f586d6a0d141eea8f6324001831772a538060e9a075e6d1d0cf2aa6e930f76

  • SHA512

    64d817fa12637da2b276bc7801e9813cc718e76eedcd2bb1b84c3bd5df8b4d62e47fac46a16afa2d3779c927a58d2d55263e4d82cd47539b096d22deef48fd42

  • SSDEEP

    3072:5JxiXftHXtzxDhH3jyO2iaFdCbK/1yJMH6y9Qys9TZP:9CfVfhHzyOU7Cb60I6l9ZP
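
The hash block above is what an analyst checks first when a copy of the sample turns up elsewhere: recompute the digests, compare them to the report, and run a quick static check for the UPX packing flagged further down. The script below is an added example, not part of the sandbox report or its detection logic. It builds a constructed, non-loadable PE image in memory so the checks run offline; the UPX0/UPX1 section-name and 7.0-bit entropy heuristics are the author's assumptions, not the report's signature.

```python
"""Static triage of a PE sample: verify reported hashes, look for UPX packing.

Added example, not part of the sandbox report.  build_minimal_pe() produces
constructed, non-executable test input; the section-name and entropy checks
are common heuristics, not the report's own detection logic.
"""
import hashlib
import math
import random
import struct

# Hashes exactly as listed in the report's General section.
REPORTED_HASHES = {
    "md5": "cfc7d2bdbf1ec7ded14f91a2595b1057",
    "sha1": "3cfcb10da34181168059a0fd20e7fc8def317a64",
    "sha256": "34f586d6a0d141eea8f6324001831772a538060e9a075e6d1d0cf2aa6e930f76",
    "sha512": "64d817fa12637da2b276bc7801e9813cc718e76eedcd2bb1b84c3bd5df8b4d62"
              "e47fac46a16afa2d3779c927a58d2d55263e4d82cd47539b096d22deef48fd42",
}


def compute_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match flags; any False means this is not the reported file."""
    actual = compute_hashes(data)
    return {alg: actual[alg] == digest.lower() for alg, digest in expected.items()}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed/encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Walk the COFF section table; returns [(name, raw_offset, raw_size)]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]   # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # COFF.SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(num_sections):
        hdr = table + 40 * i                                          # 40-byte IMAGE_SECTION_HEADER
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        out.append((name, raw_ptr, raw_size))
    return out


def upx_indicators(data: bytes, threshold: float = 7.0) -> dict:
    """Stock UPX leaves UPX0/UPX1 section names; a modified UPX may rename them,
    so the high-entropy check is kept as an independent signal."""
    secs = pe_sections(data)
    entropy = {n: shannon_entropy(data[p:p + s]) for n, p, s in secs}
    return {
        "sections": [n for n, _, _ in secs],
        "upx_section_names": any(n.upper().startswith("UPX") for n, _, _ in secs),
        "high_entropy_sections": [n for n, e in entropy.items() if e >= threshold],
    }


def build_minimal_pe(sections: list) -> bytes:
    """Constructed test input: DOS stub, PE signature, COFF header with no
    optional header, then the given (name, payload) sections.  Not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    raw_ptr = e_lfanew + 4 + 20 + 40 * len(sections)
    table, blobs = b"", b""
    for name, payload in sections:
        table += (name.encode().ljust(8, b"\0")
                  + struct.pack("<IIII", len(payload), 0x1000, len(payload), raw_ptr)
                  + b"\0" * 16)
        blobs += payload
        raw_ptr += len(payload)
    return dos + b"PE\0\0" + coff + table + blobs


def demo_packed_sample() -> bytes:
    """A UPX-shaped image: empty UPX0, high-entropy UPX1, small .rsrc (constructed)."""
    rng = random.Random(1)  # seeded so the example is reproducible
    compressed = bytes(rng.getrandbits(8) for _ in range(4096))
    return build_minimal_pe([("UPX0", b"\0" * 512), ("UPX1", compressed), (".rsrc", b"A" * 64)])


if __name__ == "__main__":
    sample = demo_packed_sample()
    print(upx_indicators(sample))
    print(verify_hashes(sample, REPORTED_HASHES))  # all False: not the reported file
```

Against a real copy, replace `demo_packed_sample()` with `open(path, "rb").read()`; a single hash mismatch means a different build, even if the SSDEEP value listed above is close.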

Malware Config

Targets

    • Target

      e2e4269167950f8484107762b3634779c3a556a4e3af66d3e5206b34019100bfN.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose VBOX__ entries for their ACPI tables under HKLM\HARDWARE\ACPI; reading them is a common sandbox-evasion check.

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Commonly part of process hollowing or thread hijacking, where a suspended thread in another process is redirected to attacker-controlled code.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
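
The four behavioural signatures above are the ones worth turning into detection logic on an API trace. The script below is an added example, not the sandbox's own signature engine: it runs four small rules over a constructed trace in the shape a sandbox emits (one record per API call with the calling pid, image path and arguments). The sample path, pids and the exact call sequence are made up for the example; the VBOX__ ACPI key names, the CurrentVersion\Run key and the CREATE_SUSPENDED flag value are real Windows facts.

```python
"""Behavioural signatures over a sandbox-style API trace.

Added example, not the report's own detection logic.  TRACE is a constructed
trace imitating the four listed behaviours; SAMPLE_IMAGE and the pids are
hypothetical.
"""
import re

# VirtualBox guests expose their ACPI tables as HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__
VBOX_ACPI = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

SAMPLE_IMAGE = r"C:\Users\admin\AppData\Local\Temp\sample.exe"  # hypothetical path

# Constructed trace: anti-VM probe, Run-key persistence, hollowing sequence, self-delete.
TRACE = [
    {"pid": 1234, "image": SAMPLE_IMAGE, "api": "RegOpenKeyExW",
     "args": {"key": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"}},
    {"pid": 1234, "image": SAMPLE_IMAGE, "api": "RegSetValueExW",
     "args": {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "Updater", "data": SAMPLE_IMAGE}},
    {"pid": 1234, "image": SAMPLE_IMAGE, "api": "CreateProcessW",
     "args": {"application": r"C:\Windows\System32\svchost.exe",
              "flags": CREATE_SUSPENDED, "new_pid": 5678}},
    {"pid": 1234, "image": SAMPLE_IMAGE, "api": "WriteProcessMemory",
     "args": {"target_pid": 5678}},
    {"pid": 1234, "image": SAMPLE_IMAGE, "api": "SetThreadContext",
     "args": {"target_pid": 5678}},
    {"pid": 1234, "image": SAMPLE_IMAGE, "api": "CreateProcessW",
     "args": {"application": r"C:\Windows\System32\cmd.exe",
              "command_line": f'cmd.exe /c ping 127.0.0.1 -n 3 & del "{SAMPLE_IMAGE}"',
              "flags": 0, "new_pid": 9012}},
]


def sig_vbox_acpi(trace):
    """Registry open/query of the VirtualBox ACPI table keys."""
    return [i for i, r in enumerate(trace)
            if r["api"] in ("RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW", "RegQueryValueExA")
            and VBOX_ACPI.search(r["args"].get("key", ""))]


def sig_run_key(trace):
    """Value written directly under a CurrentVersion\\Run or RunOnce key."""
    return [i for i, r in enumerate(trace)
            if r["api"].startswith("RegSetValueEx") and RUN_KEY.search(r["args"].get("key", ""))]


def sig_self_delete(trace):
    """Own image deleted directly, or via a spawned shell running 'del' on it."""
    hits = []
    for i, r in enumerate(trace):
        own = r["image"].lower()
        cmd = r["args"].get("command_line", "")
        if r["api"].startswith("DeleteFile") and r["args"].get("path", "").lower() == own:
            hits.append(i)
        elif r["api"].startswith("CreateProcess") and own in cmd.lower() and re.search(r"\bdel\b", cmd, re.I):
            hits.append(i)
    return hits


def sig_set_thread_context(trace):
    """SetThreadContext on a process the caller created suspended and wrote into:
    the classic hollowing sequence.  A bare SetThreadContext on its own thread
    (debuggers, exception handling) is not flagged."""
    suspended = {r["args"].get("new_pid") for r in trace
                 if r["api"].startswith("CreateProcess") and r["args"].get("flags", 0) & CREATE_SUSPENDED}
    written = {r["args"].get("target_pid") for r in trace if r["api"] == "WriteProcessMemory"}
    return [i for i, r in enumerate(trace)
            if r["api"] == "SetThreadContext" and r["args"].get("target_pid") in (suspended & written)]


SIGNATURES = {
    "vbox_acpi_registry": sig_vbox_acpi,
    "run_key_persistence": sig_run_key,
    "self_delete": sig_self_delete,
    "suspicious_setthreadcontext": sig_set_thread_context,
}


def run_signatures(trace):
    """Signature name -> indices of the trace records that triggered it."""
    return {name: hits for name, fn in SIGNATURES.items() if (hits := fn(trace))}


if __name__ == "__main__":
    for name, hits in run_signatures(TRACE).items():
        print(f"{name}: records {hits}")
```

The SetThreadContext rule deliberately requires the CREATE_SUSPENDED plus WriteProcessMemory context; flagging every SetThreadContext call would fire on debuggers and on legitimate exception handling, which is why the report itself only labels the use as "suspicious".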

MITRE ATT&CK Enterprise v15
