Overview

overview

9

Static

static

7

cdf5ca27a9...8b.dll

windows7_x64

9

cdf5ca27a9...8b.dll

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cdf5ca27a98fca17596d345e560d822438794c1d17b0120c0336104704762b8b

  • Size

    3.4MB

  • Sample

    220130-vlvqksfgd6

  • MD5

    4fbff7f0f62b26963b56c0fc23486891

  • SHA1

    542d14138497cdcae9b9e32651361f2fd3af96ba

  • SHA256

    cdf5ca27a98fca17596d345e560d822438794c1d17b0120c0336104704762b8b

  • SHA512

    8c2c2896ed0a8577c9e7cddd7ef3a725772a21e34dfa05c8c10c84dc77ec792c90e458d8d4244a0a8a4a87937fc75ed3adc61562c9dca46400f5fca8093b826f

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      cdf5ca27a98fca17596d345e560d822438794c1d17b0120c0336104704762b8b

    • Size

      3.4MB

    • MD5

      4fbff7f0f62b26963b56c0fc23486891

    • SHA1

      542d14138497cdcae9b9e32651361f2fd3af96ba

    • SHA256

      cdf5ca27a98fca17596d345e560d822438794c1d17b0120c0336104704762b8b

    • SHA512

      8c2c2896ed0a8577c9e7cddd7ef3a725772a21e34dfa05c8c10c84dc77ec792c90e458d8d4244a0a8a4a87937fc75ed3adc61562c9dca46400f5fca8093b826f

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks