aa7e600161d7614b3e08d40494f2d4bc

Tags

Signatures

• Identifies VirtualBox via ACPI registry values (likely anti-VM)

  Tags

  evasion

  TTPs

  Query RegistryVirtualization/Sandbox Evasion

• Executes dropped EXE

• Checks BIOS information in registry

  Description

  BIOS information is often read in order to detect sandboxing environments.

  TTPs

  Query RegistrySystem Information Discovery

• Drops startup file

• Loads dropped DLL

• Themida packer

  Description

  Detects Themida, an advanced Windows software protection system.

  Tags

  themida

• Checks whether UAC is enabled

  Tags

  evasiontrojan

  TTPs

  System Information Discovery

• Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks