e253b236af6d45f687424ca1d9354320aae579fbd539b89a85c807e3b52f4574 | Triage

Submit
Reports

Overview

overview

Static

static

7

START_ME.exe

windows7_x64

START_ME.exe

windows10_x64

Sharing

General

Target

607ffeb1ad2f9c06cd2ad02c.zip
Size

10.5MB
Sample

210421-m54jb33xm2
MD5

05ebe6b7c2a76bfb2998050a97c5d868
SHA1

2c0328abdd43bdfd6e84e2ebef91639f1fff1ea8
SHA256

e253b236af6d45f687424ca1d9354320aae579fbd539b89a85c807e3b52f4574
SHA512

5a91ee4b00e9b5b9666d96e72bc9fea95c8e086d49eecc44b7374d7fe661553e9b11227ea34c26b1414867d39ac269cb9a48536cbdedf1a140f83b51691c8608

Score

10^/10

evasion pyinstaller themida

Static task

static1

themida pyinstaller

Behavioral task

behavioral1

Sample

START_ME.exe

Resource

win7v20210408

evasion themida

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

START_ME.exe

Resource

win10v20210410

evasion themida

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://marlasinger.tylerdurdenceketi.com/vault/mitre/T1003/Invoke-Mimikatz.ps1

Targets

- Target
  
  START_ME.exe
- Size
  
  981KB
- MD5
  
  fbd344cb2db910d8d109b5b63ae11757
- SHA1
  
  0a04c5925db22547ee3f638e036366e475d8be99
- SHA256
  
  41b987215931740b614e90ba63c4f663d05eda3b8cc22fbb0e7cc7b55f4beec4
- SHA512
  
  e5b91ce7f680b7d27d736482454aa288c65f02c7761a6123846df856488231486acaec1644ec74cde4fad4db4d10a0cbeeb234885a4ab2ca73c7d674219e77b3
Score

10^/10

evasion themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

themidapyinstaller

behavioral1

behavioral2

© 2018-2024

Terms | Privacy