General
- Target: HWID PERM.exe
- Size: 5.4MB
- Sample: 250205-xdrp3azrgr
- MD5: 8b3b6761a5ada29b0d2e3eba8d739a6a
- SHA1: be76c501a74fabc3a3b6f4e3c3dcd0f8bba46c0a
- SHA256: 7e28def00bbb57d5a43aee2e2884ba1bec9928f0322a38e12939dbb06f177c91
- SHA512: 9d8bf77b8171b9fcc8de3f2f848f557cfebd15579474175ab903227e587da5ec2437f0f6175961f41436b8a85451a49131fccfff2ebc2f924cc9385d8e15b6b0
- SSDEEP: 98304:v1+UCD8+5HTzqd7qzAqe8luxiIbqIZiwGBdSwOfFS4q:Pl+5HTW9qDFluI3IZi5DqFf
Behavioral task
- behavioral1
- Sample: HWID PERM.exe
- Resource: win10v2004-20250129-en
Malware Config
Targets: HWID PERM.exe (hashes as listed under General above)
- ElysiumStealer: ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
- ElysiumStealer Support DLL
- Elysiumstealer family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks whether UAC is enabled
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger