Overview

overview

9

Static

static

7

jetxpvyoad.dll

windows7_x64

9

jetxpvyoad.dll

windows10-2004_x64

9

x84ltcosp6...gg.exe

windows7_x64

1

x84ltcosp6...gg.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd4f721c3e163f0f569b0ee6053a60a9904f6b0005bb3c4746737b21bf4eefdd

  • Size

    9.2MB

  • Sample

    220621-kz2e6segg8

  • MD5

    8560f7f38a13c676a72b708baad53359

  • SHA1

    0fe9b1237784592df181634edefb4ad02687d842

  • SHA256

    bd4f721c3e163f0f569b0ee6053a60a9904f6b0005bb3c4746737b21bf4eefdd

  • SHA512

    c5cefa7ce3280a673ef81cbb64a5d0c1d9455ef21cfc0d3945ca9fa1836ebba3fd8171d7d742b17a5ca5ae5b7f0a9c6ead207b4740c0478ba38e7782967138d1

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      jetxpvyoad.zid

    • Size

      9.2MB

    • MD5

      1a515d2f5cadf1adf6ef13625777f9cb

    • SHA1

      5633963055415e954fda91653d172084cc32af19

    • SHA256

      4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614

    • SHA512

      fafce093d869d2405b08289c7b24b8f92d7a1c8ecc5adf55d48efdbdc67c43dc8cc8855f84f60212220eac377b550e00e10e10aebbf8dd38c88764ffc5ff430c

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      x84ltcosp61j8cbo9uy7z50zggg

    • Size

      884KB

    • MD5

      4685811c853ceaebc991c3a8406694bf

    • SHA1

      9cd382eb91bfea5782dd09f589a31b47c2c2b53e

    • SHA256

      3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4

    • SHA512

      a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks