General
-
Target
Heist Editor 3.6.3.exe
-
Size
8.6MB
-
Sample
240630-ve19sa1brh
-
MD5
c43cdd2785bf7e323d7922237248265a
-
SHA1
31c05cd16d39fb0b1d70b1951f7645ef1f86a861
-
SHA256
fd34cf73063dec1eaede7a54c136f445ff74ca23c6f0d520db97cfbc2b6f64d2
-
SHA512
6cca4a9e01f4c7cd9684faf8f7e01b9a30775819f7382c5866b677dead26f149623d36a60bbf37024b2208aea565499cbf269e8f7037bda1a75f2ea6ed8d67f2
-
SSDEEP
196608:XHKnkM9zPz9utcP5SOc0zy7EutBL+WsmlAQR+7Wnmg:XHwhrAtcxq0z/6+WypaJ
Static task
static1
Behavioral task
behavioral1
Sample
Heist Editor 3.6.3.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Heist Editor 3.6.3.exe
-
Size
8.6MB
-
MD5
c43cdd2785bf7e323d7922237248265a
-
SHA1
31c05cd16d39fb0b1d70b1951f7645ef1f86a861
-
SHA256
fd34cf73063dec1eaede7a54c136f445ff74ca23c6f0d520db97cfbc2b6f64d2
-
SHA512
6cca4a9e01f4c7cd9684faf8f7e01b9a30775819f7382c5866b677dead26f149623d36a60bbf37024b2208aea565499cbf269e8f7037bda1a75f2ea6ed8d67f2
-
SSDEEP
196608:XHKnkM9zPz9utcP5SOc0zy7EutBL+WsmlAQR+7Wnmg:XHwhrAtcxq0z/6+WypaJ
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-