Overview

overview

9

Static

static

7

e42b4c09ae...27.rar

windows7-x64

3

e42b4c09ae...27.rar

windows10-2004-x64

3

Setup/Setup.exe

windows7-x64

9

Setup/Setup.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e42b4c09ae3105de7d09722b26d60fa1268771d46907c36e2dbc57b4f8a22227

  • Size

    7.6MB

  • Sample

    220727-xhqcssgecj

  • MD5

    57eb3b48fc86d1739c946a024270128f

  • SHA1

    6fe9aa7ecfcdf575c033821d51ce5e9c7ba1b4bb

  • SHA256

    e42b4c09ae3105de7d09722b26d60fa1268771d46907c36e2dbc57b4f8a22227

  • SHA512

    6f1e38e1bda51e08a6d3084677329690665a540f9ffbbd56c99c8343b5dd3182048359609cd4369e86609dc31e093b68af1e94515e5dff7cf44c7c83265aabfa

Score
9/10
discoveryevasionspywarestealerthemidatrojan

Malware Config

Targets

    • Target

      e42b4c09ae3105de7d09722b26d60fa1268771d46907c36e2dbc57b4f8a22227

    • Size

      7.6MB

    • MD5

      57eb3b48fc86d1739c946a024270128f

    • SHA1

      6fe9aa7ecfcdf575c033821d51ce5e9c7ba1b4bb

    • SHA256

      e42b4c09ae3105de7d09722b26d60fa1268771d46907c36e2dbc57b4f8a22227

    • SHA512

      6f1e38e1bda51e08a6d3084677329690665a540f9ffbbd56c99c8343b5dd3182048359609cd4369e86609dc31e093b68af1e94515e5dff7cf44c7c83265aabfa

    Score
    3/10
    behavioral1behavioral2

    • Target

      Setup/Setup.exe

    • Size

      386.3MB

    • MD5

      9cc5b48a28dc19ca75154161e9644955

    • SHA1

      a3d6ca72e8dc4c188c2515a5eceecaa3514ad5a9

    • SHA256

      b11dd821d48528f0badbd53efb3593880f23220db2c666b0fe34b8e35a9a3c95

    • SHA512

      89341bc2dcdb34bda3125b5dd29ef37bf62e898294c3de44331d1b62183108ea52bb03cee97bfc862f3d11c23e9672f386f32722f07e793fac04df1fbe01651a

    Score
    9/10
    discoveryevasionspywarestealerthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

3
T1081

Discovery

System Information Discovery

4
T1082

Query Registry

4
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks