APP.exe.zip

Target

APP.exe.zip

Size

5MB

Sample

210924-bad4xafdfr

Score

9 ^/10

MD5

4f3669edb010f5db21b13a088182b8fe

SHA1

892447e55ff7a3ac5d26c573bb8eb4607b41ba1e

SHA256

b70b9039ec4b33987a991c5c20729eb3310d7406b8d15161037df3b21fd968bb

SHA512

a6c1911bd010c13630b9921fefbfd5a495ed3786e347c208602f25bd9e8f49be28d6711a971bd74f87f303bd312862fea730483045fd4b74410c76e9fbe59ea7

Target

APP.exe

MD5

a0b4d2c96937104bcffd21ce69885a59

Filesize

5MB

Score

9^/10

SHA1

6cda6e2bee6d67a5f407e4d7e96af9d76bfa7c79

SHA256

72cb50e5791e1fcb11d24bc4cff3b44379a529c5549fbf6f500adcd67bfe9139

SHA512

17b1b4de1bddb7f357744ace07509481e80eb8a63fa9c39ee00ecd7eba3b03611eb0e2329e88e20b05e8a2655fa67a7b699c8455c1fa9aebeba4384151ae2ee0

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)
Tags

evasion

TTPs

Query RegistryVirtualization/Sandbox Evasion
Checks BIOS information in registry
Description

BIOS information is often read in order to detect sandboxing environments.
TTPs

Query RegistrySystem Information Discovery
Themida packer
Description

Detects Themida, an advanced Windows software protection system.
Tags

themida
Checks whether UAC is enabled
Tags

evasion trojan

TTPs

System Information Discovery

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Virtualization/Sandbox Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

themida

7^/10

behavioral1

evasion themida trojan

9^/10

behavioral2

evasion themida trojan

9^/10

Tags

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Tags

TTPs

Checks BIOS information in registry

Description

TTPs

Themida packer

Description

Tags

Checks whether UAC is enabled

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2