Overview

overview

9

Static

static

7

47241b345d...25.exe

windows7_x64

9

47241b345d...25.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47241b345de4eb4177705e586649da25

  • Size

    2.7MB

  • Sample

    220107-pf3akscbh7

  • MD5

    47241b345de4eb4177705e586649da25

  • SHA1

    2d8be32cb553f1b9b15b248efd51823a14eda39b

  • SHA256

    590d4f64a1063d7cdd9b224e7e73b6dd4b04dba2323e80aba08b4eff5eeb6fef

  • SHA512

    4255e00a8fc85ddc6fb0f80b3c79d9e96bdc3b1687c44c093fd7056d1edfee049478ccc28a1d264d71b68d3bcb3b6c0647a101ad93d51c741213aada61ab680a

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      47241b345de4eb4177705e586649da25

    • Size

      2.7MB

    • MD5

      47241b345de4eb4177705e586649da25

    • SHA1

      2d8be32cb553f1b9b15b248efd51823a14eda39b

    • SHA256

      590d4f64a1063d7cdd9b224e7e73b6dd4b04dba2323e80aba08b4eff5eeb6fef

    • SHA512

      4255e00a8fc85ddc6fb0f80b3c79d9e96bdc3b1687c44c093fd7056d1edfee049478ccc28a1d264d71b68d3bcb3b6c0647a101ad93d51c741213aada61ab680a

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks