Overview

overview

9

Static

static

7

2583b86afc...46.exe

windows7_x64

9

2583b86afc...46.exe

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2583b86afc2edbd36516fa207c6d8646

  • Size

    3.1MB

  • Sample

    220617-xqb55sfee7

  • MD5

    2583b86afc2edbd36516fa207c6d8646

  • SHA1

    710c31523ba20d61e001be4c09810adf08af8978

  • SHA256

    b55e5d9ac18a8d5cc43f4cdc8046865fa97237073c8cc6ab5bd5e4ad1e63df2f

  • SHA512

    42cae1d004c50110e53051e0d831c45def6e2ad9fe6f0ba1c1bb07ceea0c9de4ed3735927ff0c640ea9b3159419b2603fd765fc11ff96f91ce9ea8970907190d

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      2583b86afc2edbd36516fa207c6d8646

    • Size

      3.1MB

    • MD5

      2583b86afc2edbd36516fa207c6d8646

    • SHA1

      710c31523ba20d61e001be4c09810adf08af8978

    • SHA256

      b55e5d9ac18a8d5cc43f4cdc8046865fa97237073c8cc6ab5bd5e4ad1e63df2f

    • SHA512

      42cae1d004c50110e53051e0d831c45def6e2ad9fe6f0ba1c1bb07ceea0c9de4ed3735927ff0c640ea9b3159419b2603fd765fc11ff96f91ce9ea8970907190d

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks