Overview

overview

9

Static

static

7

airplane.wtf.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    airplane.wtf.exe

  • Size

    3.8MB

  • Sample

    220214-spsz2sbbaq

  • MD5

    fb1e695f13801baad5faec13476caea0

  • SHA1

    234cbf5fb007db06026223c9bf0dc2a57c633570

  • SHA256

    f47b1ed305aa05b5b84e7b994e8e6e5e8013831fec6b8922e8309d5ce28f12bc

  • SHA512

    258005109e2b4e8974411c292dc06293783c904649bd61792c814e532cfd578e00a8576cda26158d20718d484774a3362ce0fe6140ddeb30169c28ea506f04ad

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      airplane.wtf.exe

    • Size

      3.8MB

    • MD5

      fb1e695f13801baad5faec13476caea0

    • SHA1

      234cbf5fb007db06026223c9bf0dc2a57c633570

    • SHA256

      f47b1ed305aa05b5b84e7b994e8e6e5e8013831fec6b8922e8309d5ce28f12bc

    • SHA512

      258005109e2b4e8974411c292dc06293783c904649bd61792c814e532cfd578e00a8576cda26158d20718d484774a3362ce0fe6140ddeb30169c28ea506f04ad

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks