f84d2af6ba8cf7bacc684fac666335b963632ce17775fa0bd7d25de9282cde01 | Triage

Sharing

General

Target

f84d2af6ba8cf7bacc684fac666335b963632ce17775fa0bd7d25de9282cde01
Size

3.0MB
Sample

211218-dd5gdafbhk
MD5

fd73f81aa14d9ac2bed06703ddb406fc
SHA1

71201a58ed4a950b3b5fb1f01c2a4826f9e98180
SHA256

f84d2af6ba8cf7bacc684fac666335b963632ce17775fa0bd7d25de9282cde01
SHA512

b0474899f93aa9d46090fb02c6ef1a8ce283a19be29f13eec70b32059752c50fed05aa507da83c20a9a580f941d9987bb9c93518fac8210c3bd6a0cf815bf407

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  f84d2af6ba8cf7bacc684fac666335b963632ce17775fa0bd7d25de9282cde01
- Size
  
  3.0MB
- MD5
  
  fd73f81aa14d9ac2bed06703ddb406fc
- SHA1
  
  71201a58ed4a950b3b5fb1f01c2a4826f9e98180
- SHA256
  
  f84d2af6ba8cf7bacc684fac666335b963632ce17775fa0bd7d25de9282cde01
- SHA512
  
  b0474899f93aa9d46090fb02c6ef1a8ce283a19be29f13eec70b32059752c50fed05aa507da83c20a9a580f941d9987bb9c93518fac8210c3bd6a0cf815bf407
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan