Overview

overview

9

Static

static

7

modest-men...nu.exe

windows7_x64

9

modest-men...nu.exe

windows10_x64

9

modest-men...nu.exe

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    modest-menu_v0.9.3_[kiddionsmodmenu.com] (1).zip

  • Size

    11.5MB

  • Sample

    220706-1cnhsshcgm

  • MD5

    e00d12c8a5912b4cd4e8e399a0963d01

  • SHA1

    3fae4d4d7198d91477362d48ee3500eaebb9c511

  • SHA256

    bdb3617b937c03e6ad1ea0ec30383dd9a36d8daebcacd87b7d3529cced9c741f

  • SHA512

    a3ad23babb03d4ca0ea49dab990a1d3a0ad6add93de22d4122de82eef394f698b86441d6bd91c0c5e6eed0f3d5b8ee571958e7fb4cd47dbabd987fefb046eaf6

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      modest-menu_v0.9.3/modest-menu.exe

    • Size

      11.5MB

    • MD5

      3930ab52a2e6f4b0b371421cd3e509b9

    • SHA1

      907013d0f905adc305caf0251c164db528eb596e

    • SHA256

      71296bb15128fe1039a0566b746afaee20092fd8b575322536ec97725a9da9cd

    • SHA512

      a6d8ed3dc52422b0f486e6ea4f87a414461ec0a04dc5257bdc7341362b4f141331f1eac5b5ce52c6c532450b188e87383944808153134a2e144660b5cfd9130e

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks