Triage | Malware sandboxing report by Hatching Triage

Resubmissions

23-10-2021 13:49

211023-q4pj3acda6 9

27-09-2021 16:25

210927-tw86aahecn 10

27-09-2021 16:15

210927-tp7c4shebk 10

25-09-2021 21:37

210925-1glj1adhh7 9

24-09-2021 00:57

210924-bbd6asfdgj 10

24-09-2021 00:56

210924-bad4xafdfr 9

24-09-2021 00:43

210924-a2zz1sfdh6 10

Sharing

General

Target

APP.exe.zip
Size

5MB
Sample

210924-bad4xafdfr
MD5

4f3669edb010f5db21b13a088182b8fe
SHA1

892447e55ff7a3ac5d26c573bb8eb4607b41ba1e
SHA256

b70b9039ec4b33987a991c5c20729eb3310d7406b8d15161037df3b21fd968bb
SHA512

a6c1911bd010c13630b9921fefbfd5a495ed3786e347c208602f25bd9e8f49be28d6711a971bd74f87f303bd312862fea730483045fd4b74410c76e9fbe59ea7

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  APP.exe
- Size
  
  5MB
- MD5
  
  a0b4d2c96937104bcffd21ce69885a59
- SHA1
  
  6cda6e2bee6d67a5f407e4d7e96af9d76bfa7c79
- SHA256
  
  72cb50e5791e1fcb11d24bc4cff3b44379a529c5549fbf6f500adcd67bfe9139
- SHA512
  
  17b1b4de1bddb7f357744ace07509481e80eb8a63fa9c39ee00ecd7eba3b03611eb0e2329e88e20b05e8a2655fa67a7b699c8455c1fa9aebeba4384151ae2ee0
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Virtualization/Sandbox Evasion

Discovery

Query Registry

T1012

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan