79e74116d9b6641a89f62b78d9b51450612c33cb346d1c86521ce5a8313d24c6 | Triage

Submit
Reports

Overview

overview

9

Static

static

5

AdGuard.v7....0.exe

windows7_x64

9

AdGuard.v7....0.exe

windows10_x64

9

Sharing

General

Target

AdGuard.v7.7.3715.0.exe
Size

24.2MB
Sample

211016-r211rachaq
MD5

4f9a9b1b7da87ecd06db9996d7d4acfe
SHA1

f813c4b15688d02a467155148c95b75e85aa449f
SHA256

79e74116d9b6641a89f62b78d9b51450612c33cb346d1c86521ce5a8313d24c6
SHA512

94e83197964e4a26c2320423c5d587c29f13d955ffaa69dc9ea50b6be5e91bf397bb29f1ff76b24329ad859e8f3c20d81dbf73f8cd39f72efaba4046553034cd

Score

9^/10

evasion macro themida trojan xlm

Static task

static1

Behavioral task

behavioral1

Sample

AdGuard.v7.7.3715.0.exe

Resource

win7-en-20211014

evasion macro themida trojan xlm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

AdGuard.v7.7.3715.0.exe

Resource

win10-en-20210920

evasion macro themida trojan xlm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  AdGuard.v7.7.3715.0.exe
- Size
  
  24.2MB
- MD5
  
  4f9a9b1b7da87ecd06db9996d7d4acfe
- SHA1
  
  f813c4b15688d02a467155148c95b75e85aa449f
- SHA256
  
  79e74116d9b6641a89f62b78d9b51450612c33cb346d1c86521ce5a8313d24c6
- SHA512
  
  94e83197964e4a26c2320423c5d587c29f13d955ffaa69dc9ea50b6be5e91bf397bb29f1ff76b24329ad859e8f3c20d81dbf73f8cd39f72efaba4046553034cd
Score

9^/10

evasion macro themida trojan xlm
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionmacrothemidatrojanxlm

behavioral2

evasionmacrothemidatrojanxlm

© 2018-2024

Terms | Privacy