General

  • Target

    Fuckup.zip

  • Size

    14.2MB

  • Sample

    241222-v1rmgavmal

  • MD5

    41fe9e1938dce901a810eb7da99d6140

  • SHA1

    7f2e6aa9e7dd8bce6309411fb0d584115fa9033a

  • SHA256

    578abc64059b33d56e548c336c95497ddfe4cc63425d2c9efe2d70e2cc02fda2

  • SHA512

    c6cee7025d510e731d5e941b385c2aa70a380074a067863505cff6af0eaa41c69e3da85a98a3b32981b54e95e6fc39b83ed65bfc88e621581750f260a77a05d6

  • SSDEEP

    393216:GH9mTr4QmKuMvWEa/9YpfNdoTX7LQ4zYeUrW/UEdsR2juChS:tTrfteEaFYpfNdS7LpPAWtA

Malware Config

Targets

    • Target

      Fuckup.zip

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15