106d25bb8c0319a57d237a141eced110b138cf8d62b07d3912bd5d38765dfb52 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

Device/Har...IO.exe

windows7-x64

9

Device/Har...IO.exe

windows10-2004-x64

9

Sharing

General

Target

RD-CBV-IT8-L_2022-08-02_16 13 38.zip
Size

5.5MB
Sample

220802-z95b5sdadq
MD5

c40bc42ce2ce3032d3862075a3bde94c
SHA1

672c1f0e6bb38ed22bd746cdf2ba24374007ba73
SHA256

106d25bb8c0319a57d237a141eced110b138cf8d62b07d3912bd5d38765dfb52
SHA512

e4dfd8bfda7ef679f826fe6998eb02b87d6dc0249eda53d61ec99b58e4ba4d82a22368d5a40898eb0a3c1250e832264a4044187655cef405d49dc1be9b73ba7f

Score

9^/10

agilenet evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume3/Users/admin/Downloads/FRPFILE AIO V2.6/FRPFILE AIO.exe

Resource

win7-20220718-en

agilenet evasion themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume3/Users/admin/Downloads/FRPFILE AIO V2.6/FRPFILE AIO.exe

Resource

win10v2004-20220721-en

agilenet evasion themida trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume3/Users/admin/Downloads/FRPFILE AIO V2.6/FRPFILE AIO.exe
- Size
  
  5.7MB
- MD5
  
  06c1fc03d8fcb6f2fa379e11137d39bd
- SHA1
  
  d27416033fb3ad04fd26b0bf2676b75039595a02
- SHA256
  
  49081ef5b2d0f4c8f8eb944396828d4f504a213a985b9d51ea0e183d5bfde2ce
- SHA512
  
  f7bc55d8d18218277b5fa3a7ef26f622d805be1269ffe862301fdeba947dd031c16f21f7f0fe3f84a2400a69d64debd587e13352dfd38bbe47e23bf910699988
Score

9^/10

agilenet evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agilenetevasionthemidatrojan

behavioral2

agilenetevasionthemidatrojan

© 2018-2024

Terms | Privacy