Overview

overview

9

Static

static

7

fg797p.exe

windows7-x64

9

fg797p.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fg797p.exe

  • Size

    7.1MB

  • Sample

    220801-yl78fsgdh3

  • MD5

    98042f03baf3cad4dc4ab8e882063e14

  • SHA1

    87d47f67b8d4b021f19d1c1d8514453facca2be6

  • SHA256

    da6ce92ec5c7305011dbfa5a6d4b81c43794eba55652744729744b4980e2b0c2

  • SHA512

    7ddd8b95e58bf01f588f93d9864d90b65b4af7035b9f4c68dc93690c1a312193263a9a839ddeaead6f155548f3530569d0af3178d9b6c20c317b06f06e210377

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      fg797p.exe

    • Size

      7.1MB

    • MD5

      98042f03baf3cad4dc4ab8e882063e14

    • SHA1

      87d47f67b8d4b021f19d1c1d8514453facca2be6

    • SHA256

      da6ce92ec5c7305011dbfa5a6d4b81c43794eba55652744729744b4980e2b0c2

    • SHA512

      7ddd8b95e58bf01f588f93d9864d90b65b4af7035b9f4c68dc93690c1a312193263a9a839ddeaead6f155548f3530569d0af3178d9b6c20c317b06f06e210377

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks