Overview

overview

9

Static

static

7

BJEBEL9UBF...9E.dll

windows7_x64

9

BJEBEL9UBF...9E.dll

windows10-2004_x64

9

H1ZGRUEJUY...HX.exe

windows7_x64

1

H1ZGRUEJUY...HX.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aeed49c65295513b0254559128415e516ffe4491b4038183965225251e9813b6

  • Size

    8.8MB

  • Sample

    220521-p5fg4sbhbj

  • MD5

    015b22c976fd2a5f65efef1d3b33d01f

  • SHA1

    eba467b70f7581d64f18d9c75d878b01a3f572f7

  • SHA256

    aeed49c65295513b0254559128415e516ffe4491b4038183965225251e9813b6

  • SHA512

    17b4d1433263058de66782b4763f06795ec80ad4886132a6954a294c0a0e0900fec83ce414136951614aa515ec62d6a52f1123f12044fe0cb37a6ed8ba2d6f44

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      BJEBEL9UBFA2EIDN5GRFS5C09QO1YYW0K19TF9E

    • Size

      8.5MB

    • MD5

      43f089b7855dfe47e1dfe348445b5865

    • SHA1

      8b20f11e27be02a8bda40ca9f48603e7adfd76de

    • SHA256

      33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a

    • SHA512

      8a7f7a2dc536849f9452317ace271c398a623be305d74c4c0ea4acbdcb9a314a407d5075fadb41637ef751b1cee517e1df11c9d9f180fd016337f54103fa5fd8

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      H1ZGRUEJUYOGBIJ307WC4YFDIMZL7OG83UHX

    • Size

      883KB

    • MD5

      3d9e621aa8d9d1a97eff65affaee6cc2

    • SHA1

      79c2c6e16d566912eb10cca2895539b9adb88cdb

    • SHA256

      54e90ef3b2121408e03bb343b70583fe15a2ca24d5d76e8129766dbaa22817c5

    • SHA512

      3d2d91393bffb3cfc1b919d5d4fadad1a2daa5d7ae54b0007e6c33af311c3ffb2f1b4e008d016d4043a2a0433e838d940f47bf4a857484878c46dd985c545a55

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks