Overview

overview

9

Static

static

7

iebwvjjvih.dll

windows7_x64

9

iebwvjjvih.dll

windows10-2004_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    iebwvjjvih

  • Size

    10.6MB

  • Sample

    220712-hbrvqafacn

  • MD5

    825bf79bf5ea0fc0bd1ec248d247647d

  • SHA1

    01183ae1bfc3cf4c43312b45b8de227e949dee32

  • SHA256

    78f5872d9cee1fdebd7700529958935ae07e7ee79872ff169601fad5964e1efe

  • SHA512

    70be186a258ae6429c20398f981bec4695ae9a595ac7c11c41b9e4d335cd1453e7beddbf4e291ac91d9d119427b474c8db4d481d935399b28e1780161ab7dfbf

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      iebwvjjvih

    • Size

      10.6MB

    • MD5

      825bf79bf5ea0fc0bd1ec248d247647d

    • SHA1

      01183ae1bfc3cf4c43312b45b8de227e949dee32

    • SHA256

      78f5872d9cee1fdebd7700529958935ae07e7ee79872ff169601fad5964e1efe

    • SHA512

      70be186a258ae6429c20398f981bec4695ae9a595ac7c11c41b9e4d335cd1453e7beddbf4e291ac91d9d119427b474c8db4d481d935399b28e1780161ab7dfbf

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks