Overview

overview

7

Static

static

7

39d81449ee...ed.exe

windows7_x64

7

39d81449ee...ed.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    39d81449ee8e4e0932370e423b61ebde268c8cdf7b8b5c1a859ecf24c12b49ed

  • Size

    1.1MB

  • Sample

    220625-jvs3kacbgl

  • MD5

    e9abcab523f9b60e654fa590ecf00948

  • SHA1

    bd4407af6b436484b279b576e22bdc370941b546

  • SHA256

    39d81449ee8e4e0932370e423b61ebde268c8cdf7b8b5c1a859ecf24c12b49ed

  • SHA512

    9a92a021adf3b05db1182437de998f1c32c48db128203970963353309162bbf1be32d6e629d12e1331f534f7af08b45fa41bdc71cc4325cfaf8403ca07e0f69c

Score
7/10
evasionthemida

Malware Config

Targets

    • Target

      39d81449ee8e4e0932370e423b61ebde268c8cdf7b8b5c1a859ecf24c12b49ed

    • Size

      1.1MB

    • MD5

      e9abcab523f9b60e654fa590ecf00948

    • SHA1

      bd4407af6b436484b279b576e22bdc370941b546

    • SHA256

      39d81449ee8e4e0932370e423b61ebde268c8cdf7b8b5c1a859ecf24c12b49ed

    • SHA512

      9a92a021adf3b05db1182437de998f1c32c48db128203970963353309162bbf1be32d6e629d12e1331f534f7af08b45fa41bdc71cc4325cfaf8403ca07e0f69c

    Score
    7/10
    evasionthemida

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks