aa8d83fcd7b22fad37b1c445fe44d844e9667888cc11e081b113aa02982cb631 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

aspack.dll

windows7_x64

9

aspack.dll

windows10-2004_x64

9

fat-0455056058.exe

windows7_x64

9

fat-0455056058.exe

windows10-2004_x64

9

Sharing

General

Target

aa8d83fcd7b22fad37b1c445fe44d844e9667888cc11e081b113aa02982cb631.zip
Size

8.4MB
Sample

220629-t15nnacgg8
MD5

e1d258508544a535936fb2c9a78d6064
SHA1

c147ef0e7741c972a9024f99e7de9d69d14b8478
SHA256

aa8d83fcd7b22fad37b1c445fe44d844e9667888cc11e081b113aa02982cb631
SHA512

769c646b9ae5dac4375a47099a81bb3cf0809993b693ecdae7fcc0bd80d80556136b13af40e792a7b3ee01d0fddf98ec860aeca659e7ca12bb64b4a2ca575e97

Score

9^/10

evasion persistence themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

aspack.dll

Resource

win7-20220414-es

evasion themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

aspack.dll

Resource

win10v2004-20220414-es

evasion themida trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

fat-0455056058.exe

Resource

win7-20220414-es

evasion persistence themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

fat-0455056058.exe

Resource

win10v2004-20220414-es

evasion persistence themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  aspack.dll
- Size
  
  8.0MB
- MD5
  
  7dc082e8b1d1c0bde07de2a84c9ea415
- SHA1
  
  346a806841d0d669ff168105f111d388fb5e69a4
- SHA256
  
  8f959360dd3f24ab27b4a371f53123568261bacb896a121c0660fd9d69dbddcf
- SHA512
  
  cecc5ffa67fb8540996c82860e97734884281272010ef213c06802627393e567d68aa4c410fdeb34ec7e47d1273cda1f8795cc8a2a546ddb4f8dcedfe44b8bb1
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  fat-0455056058.exe
- Size
  
  557KB
- MD5
  
  e33bcdd61d70a1961df2c6d7f0c18351
- SHA1
  
  958ff5402b7e05be694b00bb760f124b79fe0c7d
- SHA256
  
  b1aad17f65fbdb5fb75e13a00bd3b1db6e5168f8e4419e57b13fb34dc48c4ba4
- SHA512
  
  d4bb02140173417986d559b7ab96b3388478a4494ce652ac01e6a84297f86d772408aa6591ace45e75cce589298ee3a9a7864624a25a0cbd7d1ced197bd4946b
Score

9^/10

evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

evasionpersistencethemidatrojan

behavioral4

evasionpersistencethemidatrojan

© 2018-2024

Terms | Privacy