General

  • Target

    utility-1.0.6.3.exe

  • Size

    83.1MB

  • Sample

    250127-zbwmcavngq

  • MD5

    f1b839e3e730d65be42c55ae50fc9108

  • SHA1

    5abd2f6f1a8e194021c8f9032753eeafb0af54e7

  • SHA256

    1b57734ff8cb74b218aa7c0920933e21142006a868f16e1ff51fab4f1d93d965

  • SHA512

    c52bd2db3e6bf255f6719552a4575928b4b0a69b15300ee48d46418f6de10d4e1871b575a58454c877e6a3b5beb75597110d4aef137725966105bc9344742a95

  • SSDEEP

    1572864:XH5NKTg39geYPkantXvZx9IuBoFQWeLlL+G3ELmKWu5IK4lsOHJ10TER94Jc:nKc39bYPk6BvxBoFVeLFLEyNu5j2HJO2

Targets

    • Target

      utility-1.0.6.3.exe

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can steal passwords, product keys, etc.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
