c185321db781cd83f7c571a06ce3ef5739b4e92f349cde4d5a975640e91e4439 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

Acunetix P...ol.exe

windows7-x64

9

Acunetix P...ol.exe

windows10-2004-x64

9

Sharing

General

Target

Acunetix Premium Activation Tool.exe
Size

13.3MB
Sample

220723-y3t26agggn
MD5

fc469f3f0d85aa66eb676f9a9e81b448
SHA1

850d94781455275b0b4d98a18be4db76843c12bf
SHA256

c185321db781cd83f7c571a06ce3ef5739b4e92f349cde4d5a975640e91e4439
SHA512

7c532923caa5507f8266e7983603792102c77c844c9fcbd9bca069f8b25b2f046591a889c42a5792e096bb050edb9dadae7d2bc9fccf78661c079d179d0c5355

Score

9^/10

discovery evasion persistence themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Acunetix Premium Activation Tool.exe

Resource

win7-20220718-en

discovery evasion themida trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Acunetix Premium Activation Tool.exe

Resource

win10v2004-20220721-en

discovery evasion persistence themida trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  Acunetix Premium Activation Tool.exe
- Size
  
  13.3MB
- MD5
  
  fc469f3f0d85aa66eb676f9a9e81b448
- SHA1
  
  850d94781455275b0b4d98a18be4db76843c12bf
- SHA256
  
  c185321db781cd83f7c571a06ce3ef5739b4e92f349cde4d5a975640e91e4439
- SHA512
  
  7c532923caa5507f8266e7983603792102c77c844c9fcbd9bca069f8b25b2f046591a889c42a5792e096bb050edb9dadae7d2bc9fccf78661c079d179d0c5355
Score

9^/10

discovery evasion themida trojan persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

behavioral2

discoveryevasionpersistencethemidatrojan

© 2018-2024

Terms | Privacy