fad182e497a70f73d1f79f08e98f2d4d81c043a7c9fd95204e7a266bceddf287 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

aspack.dll

windows7_x64

9

aspack.dll

windows10-2004_x64

9

ativarmodu...st.exe

windows7_x64

9

ativarmodu...st.exe

windows10-2004_x64

9

Sharing

General

Target

ativarmodulobanest.zip
Size

8.4MB
Sample

220708-larecadbb5
MD5

06d62a649048a231bccc7a02d17616d1
SHA1

58e4d97210cfd0d79b1658964834fe2c55b24f0a
SHA256

fad182e497a70f73d1f79f08e98f2d4d81c043a7c9fd95204e7a266bceddf287
SHA512

c782a85e5790a1b03a37f6e30c263ae7206a516602df22fce64c0b1e3bcaad9b64b72b25dfbcb6fca1570709558de2ffdc914cced9cd19d1adda6f0493450dfb

Score

9^/10

evasion persistence themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

aspack.dll

Resource

win7-20220414-en

evasion themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

aspack.dll

Resource

win10v2004-20220414-en

evasion themida trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

ativarmodulobanest.exe

Resource

win7-20220414-en

evasion persistence themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

ativarmodulobanest.exe

Resource

win10v2004-20220414-en

evasion persistence themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  aspack.dll
- Size
  
  8.1MB
- MD5
  
  1f168d3537686da20347b7eff489b0e8
- SHA1
  
  f8aa5b2fd542e20aaabd12ec2cded5fee3c66dfc
- SHA256
  
  d18b87265e2ed41cfb4f725b3ee23c82aadfc4c3e701351a1a60f26486b920ff
- SHA512
  
  e0be5c5c16203ea95eec7b673a0cea6a501b00a0cfdf84e45e39e66ccfccf5fb1489e4cb7434b07061dff00d3a701c64abb8e07ad20c9d88523117da0b0810f9
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  ativarmodulobanest.exe
- Size
  
  557KB
- MD5
  
  e33bcdd61d70a1961df2c6d7f0c18351
- SHA1
  
  958ff5402b7e05be694b00bb760f124b79fe0c7d
- SHA256
  
  b1aad17f65fbdb5fb75e13a00bd3b1db6e5168f8e4419e57b13fb34dc48c4ba4
- SHA512
  
  d4bb02140173417986d559b7ab96b3388478a4494ce652ac01e6a84297f86d772408aa6591ace45e75cce589298ee3a9a7864624a25a0cbd7d1ced197bd4946b
Score

9^/10

evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

evasionpersistencethemidatrojan

behavioral4

evasionpersistencethemidatrojan

© 2018-2024

Terms | Privacy