ActivateFullSetup.exe

Target

Activate__Full__Setup.exe

Size

2MB

Sample

220119-tr9w1sbdh8

Score

10 ^/10

MD5

1e07343c234d91c56b9dd6618fe2707e

SHA1

f6d0f9b4543897d9cc5fa6cf98003b74cdf5c237

SHA256

32d3346ff0178589981d808bfd950b5867e6245bd659d27341269af83785bd6e

SHA512

a8ecc970e83fada0bff522321376987e28224f57782deabb69c986be6f7caa9c0f9e7c85d6350ac7236f1a7c6b2e1d44230f9a92a59770793c5b2fb3df52de9b

Target

Activate__Full__Setup.exe

MD5

1e07343c234d91c56b9dd6618fe2707e

Filesize

2MB

Score

10^/10

SHA1

f6d0f9b4543897d9cc5fa6cf98003b74cdf5c237

SHA256

32d3346ff0178589981d808bfd950b5867e6245bd659d27341269af83785bd6e

SHA512

a8ecc970e83fada0bff522321376987e28224f57782deabb69c986be6f7caa9c0f9e7c85d6350ac7236f1a7c6b2e1d44230f9a92a59770793c5b2fb3df52de9b

Signatures

evasion
Description

evasion.
Tags

evasion
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Tags

evasion

TTPs

Query RegistryVirtualization/Sandbox Evasion
Downloads MZ/PE file
Executes dropped EXE
Checks BIOS information in registry
Description

BIOS information is often read in order to detect sandboxing environments.
TTPs

Query RegistrySystem Information Discovery
Drops startup file
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Themida packer
Description

Detects Themida, an advanced Windows software protection system.
Tags

themida
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags

spyware

TTPs

Data from Local SystemCredentials in Files
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry
Checks whether UAC is enabled
Tags

evasion trojan

TTPs

System Information Discovery
Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

behavioral1 behavioral2 behavioral3

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Virtualization/Sandbox Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

themida

7^/10

behavioral1

evasion themida trojan

10^/10

behavioral2

discovery evasion spyware stealer themida trojan

10^/10

behavioral3

1^/10

Tags

Signatures

evasion

Description

Tags

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Tags

TTPs

Downloads MZ/PE file

Executes dropped EXE

Checks BIOS information in registry

Description

TTPs

Drops startup file

Reads user/profile data of web browsers

Description

Tags

TTPs

Themida packer

Description

Tags

Accesses cryptocurrency files/wallets, possible credential harvesting

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Checks whether UAC is enabled

Tags

TTPs

Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

static1

behavioral1

behavioral2

behavioral3