Overview

overview

9

Static

static

7

6cdefcc3ca...05.exe

windows7-x64

9

6cdefcc3ca...05.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05.exe_

  • Size

    2.6MB

  • Sample

    220725-fq9yqsfgd5

  • MD5

    a8c845eb0bd7edc496cb5195f9c6983b

  • SHA1

    bbee93f915f7e8dcc1f861cb24c866e52b7d9087

  • SHA256

    6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05

  • SHA512

    1d86fe76d326adf72c67d00aa04540a7d38371846e0557995b3994d02f884f9accd1148ddff2d90792110f8c245717fcd00234d26c9997b3842b7952e858d3e2

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05.exe_

    • Size

      2.6MB

    • MD5

      a8c845eb0bd7edc496cb5195f9c6983b

    • SHA1

      bbee93f915f7e8dcc1f861cb24c866e52b7d9087

    • SHA256

      6cdefcc3cab1f66d2b7f9e528a4b7da9c763d8947ed404d804d063dc36e62b05

    • SHA512

      1d86fe76d326adf72c67d00aa04540a7d38371846e0557995b3994d02f884f9accd1148ddff2d90792110f8c245717fcd00234d26c9997b3842b7952e858d3e2

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks