General
- Target: HWIDPERM.exe
- Size: 5.6MB
- Sample: 250219-1msv9szkdv
- MD5: 0174f56a8332b4584ba7c5e0613ee5cb
- SHA1: 447a233cf7b6f6a69abfcf5dc92d07d4de9dfd95
- SHA256: f89692039499443e03edad55335a05451c18d6cc307b767556cd99fa7ee77f16
- SHA512: 2fab9baee8221ee5f93623b7bcfbe8db061df2729e0fa530eb9f353c6cff80270e187548eb6fc3db102e9a255c29ed5884d655488fbf1a482921f7b58a1e2e26
- SSDEEP: 98304:1OndwcEvG+FCdZggUjB+mbKWk6q9Ck8Z43xTkTi7b5XTUAIE+rYS+espx7:1OndEe+MXgdjB+mYUk8eATY9Tnax5Q
Behavioral task behavioral1
- Sample: HWIDPERM.exe
- Resource: win7-20241010-en
Behavioral task behavioral2
- Sample: HWIDPERM.exe
- Resource: win10v2004-20250217-en
Malware Config
Targets
- Target: HWIDPERM.exe (5.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- ElysiumStealer
  ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
- ElysiumStealer Support DLL
- Elysiumstealer family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks whether UAC is enabled
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (3)