6776efe2216dd81f0794d507b7cbd3c3f6b6b34406b1eb3cda6b34d724c90e38 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

4589.zip

windows7_x64

1

4589.zip

windows10-2004_x64

1

kdrkdk41du...gg.exe

windows7_x64

1

kdrkdk41du...gg.exe

windows10-2004_x64

1

zbyrtzciif.dll

windows7_x64

9

zbyrtzciif.dll

windows10-2004_x64

9

Sharing

General

Target

4589.zip
Size

7.2MB
Sample

220622-wflfdsaabl
MD5

74e7ab0f929de2ea20bbee139d4266aa
SHA1

8b3972f4fbb536e2d9a3140bc005946dab6a06d2
SHA256

6776efe2216dd81f0794d507b7cbd3c3f6b6b34406b1eb3cda6b34d724c90e38
SHA512

709c3280a1071bc29b26d0e8b14ade9127ff1e99f17a6527ab92ffe9aed6fe8de6ad0d9b8c5c7ba492e2f2abeb73d43654769b81e51030f1278d6f4457493f3b

Score

9^/10

evasion themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

4589.zip

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4589.zip

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

kdrkdk41du1eb4ap8iwo2rb59ggg.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

kdrkdk41du1eb4ap8iwo2rb59ggg.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

zbyrtzciif.dll

Resource

win7-20220414-en

evasion themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

zbyrtzciif.dll

Resource

win10v2004-20220414-en

evasion themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4589.zip
- Size
  
  7.2MB
- MD5
  
  74e7ab0f929de2ea20bbee139d4266aa
- SHA1
  
  8b3972f4fbb536e2d9a3140bc005946dab6a06d2
- SHA256
  
  6776efe2216dd81f0794d507b7cbd3c3f6b6b34406b1eb3cda6b34d724c90e38
- SHA512
  
  709c3280a1071bc29b26d0e8b14ade9127ff1e99f17a6527ab92ffe9aed6fe8de6ad0d9b8c5c7ba492e2f2abeb73d43654769b81e51030f1278d6f4457493f3b
Score

1^/10
behavioral1 behavioral2
- Target
  
  kdrkdk41du1eb4ap8iwo2rb59ggg
- Size
  
  884KB
- MD5
  
  4685811c853ceaebc991c3a8406694bf
- SHA1
  
  9cd382eb91bfea5782dd09f589a31b47c2c2b53e
- SHA256
  
  3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4
- SHA512
  
  a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46
Score

1^/10
behavioral3 behavioral4
- Target
  
  zbyrtzciif.nqu
- Size
  
  7.0MB
- MD5
  
  e542f38011cc165154b3178db74032cb
- SHA1
  
  e09fc2c03003e84790be3a17b97fa2e90f08e2e9
- SHA256
  
  5019200109e04421b1097f6426450551e215c1b83f759a79fb4373e33d3d1002
- SHA512
  
  4911dc7e2233a1b2033801b222e674cf0c22915bdc1445059c12f52281df81c67b2f7009e3c8f048ca9131dbf608595467c5e20095844e66d985356410eb7ccf
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

evasionthemidatrojan

behavioral6

evasionthemidatrojan

© 2018-2024

Terms | Privacy