51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb | Triage

Submit
Reports

Overview

overview

Static

static

7

51e917806f...bb.exe

windows7_x64

1

51e917806f...bb.exe

windows10-2004_x64

Sharing

General

Target

51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb
Size

2.3MB
Sample

220213-l5a1vagfe9
MD5

dc1f1308759847a3e7161f284431cc5b
SHA1

7eec4c3e46e3c39e21d0bec2897ce3da261310f9
SHA256

51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb
SHA512

0e5bd658fbc09fdca030f02d6ab0e9b9f26fa77d6caff41dccbfa583841f23f3a9197d799fb06272fec44e177f879d06cc3cf2cbd0fefca9ebd9c9a53ef8c5c9

Score

10^/10

evasion spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb.exe

Resource

win10v2004-en-20220113

evasion spyware stealer themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb
- Size
  
  2.3MB
- MD5
  
  dc1f1308759847a3e7161f284431cc5b
- SHA1
  
  7eec4c3e46e3c39e21d0bec2897ce3da261310f9
- SHA256
  
  51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb
- SHA512
  
  0e5bd658fbc09fdca030f02d6ab0e9b9f26fa77d6caff41dccbfa583841f23f3a9197d799fb06272fec44e177f879d06cc3cf2cbd0fefca9ebd9c9a53ef8c5c9
Score

10^/10

evasion spyware stealer themida trojan
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy