Resubmissions

01-12-2024 13:32

241201-qtft6sxkdk 10

01-12-2024 13:27

241201-qp8pdssmax 10

General

  • Target

    Latest_protected.exe

  • Size

    5.6MB

  • Sample

    241201-qp8pdssmax

  • MD5

    6609fbd025ee98c12839bd46bc6a7d29

  • SHA1

    53712a862ffdbf172cc93c203023c9feeb13e436

  • SHA256

    0ecb9b2ccd461e33db5a31cb422c91acf6cffc1d65650f980288175c0f62e5e1

  • SHA512

    8af86784156ca9b6fdcd530b4ef0d22b727ce6199f585947d0ddcd70a786bf58702268a5211440a39c84d745f6bf229476fc33e9364c6f9628d3e19b9c1cbfd2

  • SSDEEP

    98304:Kw31I0VJIFNf9YDNSrk6MA+bHQkOGHezT8Bu9tiSD53I4kf9Yf6Iq7NRvUSeKQYR:11I0VJIF195rkPA++FDkfTIqp3An9c5

Malware Config

Targets

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • Elysiumstealer family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks