General

  • Target

    b2a35921c68b97b0ab20fa05f961cba6ddc0f7ccdd73562e18a9697209e36bc1.exe

  • Size

    2.9MB

  • Sample

    250204-znj43s1rb1

  • MD5

    f53b1e91522611bffb9d7e6d5a8bde03

  • SHA1

    1118847c23795d389a616fe1da649f7c457c2b34

  • SHA256

    b2a35921c68b97b0ab20fa05f961cba6ddc0f7ccdd73562e18a9697209e36bc1

  • SHA512

    91b5367aedd37327607ff03dcf7b33f51b8f4bb3553263636f5351fa318bc1ec390514e163559d1deaadf78e1639af515ed3a03d2194be4a60cde8b3edcb8226

  • SSDEEP

    49152:Q6lBQmLa04vvEn0x4uImdAqeRRkGBG1Z+XLsNy7mR4fjrxUtu2nwIiXzG:blBQTvg0x4uImSb1w1byqKrmnPIzG

Malware Config

Targets

    • Target

      b2a35921c68b97b0ab20fa05f961cba6ddc0f7ccdd73562e18a9697209e36bc1.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks