Overview

overview

9

Static

static

7

32a7dc2a38...d2.exe

windows7_x64

9

32a7dc2a38...d2.exe

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32a7dc2a385867fa2224c6e58f8a64102e0bff1147fed2707a9c48e38e8666d2

  • Size

    2.7MB

  • Sample

    220212-kpqwpaaca8

  • MD5

    908cfbc12ebc4d187f8d262b53e8ca3e

  • SHA1

    01bcf5796c5a95fd02ec237de3326f09dbd4c12b

  • SHA256

    32a7dc2a385867fa2224c6e58f8a64102e0bff1147fed2707a9c48e38e8666d2

  • SHA512

    e18aaf8bc06dc3b096963228ab7cf2ed652c30efd0d4f441607401849f171866eb59c05446835c0707226d36131ffdf8e0f9d641de8b8427393e7335b73ffdec

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      32a7dc2a385867fa2224c6e58f8a64102e0bff1147fed2707a9c48e38e8666d2

    • Size

      2.7MB

    • MD5

      908cfbc12ebc4d187f8d262b53e8ca3e

    • SHA1

      01bcf5796c5a95fd02ec237de3326f09dbd4c12b

    • SHA256

      32a7dc2a385867fa2224c6e58f8a64102e0bff1147fed2707a9c48e38e8666d2

    • SHA512

      e18aaf8bc06dc3b096963228ab7cf2ed652c30efd0d4f441607401849f171866eb59c05446835c0707226d36131ffdf8e0f9d641de8b8427393e7335b73ffdec

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks