ec9c47685aaf2711429538df1efddeace58992d79f685387778f0a99af4cdbe5 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

D8C7.exe

windows7_x64

9

D8C7.exe

windows10_x64

9

Sharing

General

Target

D8C7.exe
Size

2.8MB
Sample

210926-sdvz9sehem
MD5

a8f923639f9b10392a12e409a4b65d80
SHA1

5dc1b8d6751f37ac2cfa526e35de2bedac479332
SHA256

ec9c47685aaf2711429538df1efddeace58992d79f685387778f0a99af4cdbe5
SHA512

57a34ad6388e675c69dcce9a5a8761d9d7ec80be3229545b82dfd8bf16f0702ccdf6a51b8316d569f10f8a6e2e9b9e78ee07227b73d356984a10061b63921214

Score

9^/10

discovery evasion spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

D8C7.exe

Resource

win7v20210408

discovery evasion spyware stealer themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

D8C7.exe

Resource

win10v20210408

discovery evasion spyware stealer themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  D8C7.exe
- Size
  
  2.8MB
- MD5
  
  a8f923639f9b10392a12e409a4b65d80
- SHA1
  
  5dc1b8d6751f37ac2cfa526e35de2bedac479332
- SHA256
  
  ec9c47685aaf2711429538df1efddeace58992d79f685387778f0a99af4cdbe5
- SHA512
  
  57a34ad6388e675c69dcce9a5a8761d9d7ec80be3229545b82dfd8bf16f0702ccdf6a51b8316d569f10f8a6e2e9b9e78ee07227b73d356984a10061b63921214
Score

9^/10

discovery evasion spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealerthemidatrojan

behavioral2

discoveryevasionspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy