49205066be5c224aff397c4b4021062f937e2b3ac2d2ba89425dcb3ac5c04a76 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

492050-mine.exe

windows7_x64

9

Sharing

General

Target

492050-mine.bin
Size

2.6MB
Sample

220217-m9t5ysccbl
MD5

1c381d4bebe2ee6cc9fbf1510cf0e025
SHA1

ee3442ea2ca7ab1afc89ba94a4011f5e1f9dfc4e
SHA256

49205066be5c224aff397c4b4021062f937e2b3ac2d2ba89425dcb3ac5c04a76
SHA512

577117e0d26d10ac120e3f6d05154b1ca24eb5b4f769343eeffb136cd55eeb1f7a835b0a38f8946eec702209f94ce76fc19d80da1a0b770c2d8a8445234487e7

Score

9^/10

evasion themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

492050-mine.exe

Resource

win7-en-20211208

evasion themida trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  492050-mine.bin
- Size
  
  2.6MB
- MD5
  
  1c381d4bebe2ee6cc9fbf1510cf0e025
- SHA1
  
  ee3442ea2ca7ab1afc89ba94a4011f5e1f9dfc4e
- SHA256
  
  49205066be5c224aff397c4b4021062f937e2b3ac2d2ba89425dcb3ac5c04a76
- SHA512
  
  577117e0d26d10ac120e3f6d05154b1ca24eb5b4f769343eeffb136cd55eeb1f7a835b0a38f8946eec702209f94ce76fc19d80da1a0b770c2d8a8445234487e7
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

© 2018-2024

Terms | Privacy