General

  • Target

    d10d8b324e9025b0e7da6553b0fc2f77da8e1b7c4f5102799d49c11ad960e08b

  • Size

    5.3MB

  • Sample

    250111-bk1ewsypcn

  • MD5

    9c8d1ede5528039e18c96b05cee29363

  • SHA1

    8fc90de490078029f5328c92093153220217348a

  • SHA256

    d10d8b324e9025b0e7da6553b0fc2f77da8e1b7c4f5102799d49c11ad960e08b

  • SHA512

    6595bb85a9ae9b3c9c02328227def8be9b56ad7e8f47dc150ae8d872488e92efe03b0ab4f002a5b38602eeb6bbffcd568b8da97e8141ae4898a4b24fab783933

  • SSDEEP

    98304:SBNN/N91h2eDZQjL7sU8I5DKBWoClkRGJewd8Y3evBQ9LtYVrEx3/o6ETgKbWyu:e9GeDVI5DKBWZlkgJedYs6LtYdEhqTgY

Malware Config

Targets

    • Target

      d10d8b324e9025b0e7da6553b0fc2f77da8e1b7c4f5102799d49c11ad960e08b

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks