0584c52f946e866ea2caa2814b6a1787ef8470e85efdebab6e8fcee4654006df | Triage

Submit
Reports

Overview

overview

9

Static

static

GEe97Z.msi

windows7_x64

9

GEe97Z.msi

windows10-2004_x64

6

Sharing

General

Target

0584c52f946e866ea2caa2814b6a1787ef8470e85efdebab6e8fcee4654006df
Size

4.4MB
Sample

220521-ngsxvsghak
MD5

b5254c6578562b5cfd776c9cdb930022
SHA1

6a53830f5b5de17eb30eb8736c6380e80f547c69
SHA256

0584c52f946e866ea2caa2814b6a1787ef8470e85efdebab6e8fcee4654006df
SHA512

1f2e6ac0b61c24384e5075d92a266a901c00a72a62c1b158d0780ba3cc32e6afd410328e4d3f428d83c9b92d48a292b5213d27cf297b253921176bf25fef24e7

Score

9^/10

evasion themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

GEe97Z.msi

Resource

win7-20220414-en

evasion themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GEe97Z.msi

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  GEe97Z.msi
- Size
  
  4.5MB
- MD5
  
  4cd8781e8e4decc80f164492cb452a91
- SHA1
  
  9f920f504d5a918ef4aa7bd725b6a9ba58c010f1
- SHA256
  
  4447d83b1a103618cea2deaed2e10d38aef10df6dfd7c24288e632004d4590ea
- SHA512
  
  f33d567ddd5e2ae81b89b42d8d27686cb29b10c34dc48d6462377c8d6138e79b1107ecf622c4220ef8ffee01b1f986c2b3f56d89733a8ef6175f081b723aa7b1
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

© 2018-2024

Terms | Privacy