General

  • Target

    Vortex Crypter.exe

  • Size

    5.9MB

  • Sample

    250206-xntbmstmaw

  • MD5

    95373b3cad383bc50fe84a2a598b5cfb

  • SHA1

    e65e24821a2167656a2bc2dffbb1bd82cd08aeec

  • SHA256

    d02da3d3909dc335bee98ffb284ce5413c84d349137c236715a9f898eba6fa42

  • SHA512

    9756fb770c8e6716328b1046fb0fd6bbccb16cbcdc7e05f581a47264f89ab0f5f9a691b1b0857a9f2fad1018ab81aa158de7a07446a28311f0aba3088b35b82e

  • SSDEEP

    98304:CWhgNN/N91h2eDZQjL7sU8I5DKBWoClkRGJewd8Y3evBQ9LtYVrEx3/o6ETgKbWt:Cwy9GeDVI5DKBWZlkgJedYs6LtYdEhq4

Malware Config

Targets

    • Target

      Vortex Crypter.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15