General

  • Target

    vqyyauw.exe

  • Size

    5.4MB

  • Sample

    241123-va8s3axrex

  • MD5

    e882bed1df1394f65df9943cc9726e6f

  • SHA1

    53a25b728bd993d12a4ff6bb5d559c40d3701816

  • SHA256

    c84d35f2958824982cedc7c88c848bc4ceae2c3389365033a34a52ad0060ca4c

  • SHA512

    aedb0526c29eb878c7485c899a42d1cc691dfccb1b7b16e3418ab266888e15d00a148c6201c47a0adcf1db39f24aec6a3bfea9a824702065e1ce2a3c5c9f193b

  • SSDEEP

    98304:37QRplXvUQijINsV48p2DN0MvJ7mBdkH1CFYOuwn95gF+C:8rhsQijIV8p2DNjNmRFYGDgFx

Malware Config

Targets

    • Target

      vqyyauw.exe

    • Size

      5.4MB

    • MD5

      e882bed1df1394f65df9943cc9726e6f

    • SHA1

      53a25b728bd993d12a4ff6bb5d559c40d3701816

    • SHA256

      c84d35f2958824982cedc7c88c848bc4ceae2c3389365033a34a52ad0060ca4c

    • SHA512

      aedb0526c29eb878c7485c899a42d1cc691dfccb1b7b16e3418ab266888e15d00a148c6201c47a0adcf1db39f24aec6a3bfea9a824702065e1ce2a3c5c9f193b

    • SSDEEP

      98304:37QRplXvUQijINsV48p2DN0MvJ7mBdkH1CFYOuwn95gF+C:8rhsQijIV8p2DNjNmRFYGDgFx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks