608a2abe556eaf9f65965e9ad04814938d7e429fc8d7ab5b98404c90c5a3c93c | Triage

Submit
Reports

Overview

overview

9

Static

static

7

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

9

Sharing

General

Target

608a2abe556eaf9f65965e9ad04814938d7e429fc8d7ab5b98404c90c5a3c93c
Size

7.2MB
Sample

220808-em7hrschdp
MD5

b1c7d7949c6e3f68c02b94c1cab7ed09
SHA1

6202b072c9254c0b23cd17f1eab0ada76c05c47e
SHA256

608a2abe556eaf9f65965e9ad04814938d7e429fc8d7ab5b98404c90c5a3c93c
SHA512

2f6adbc2f5346abdf8c05b309253eff2ade1e1e924554743e69e7ca1f4e48955c4cc6db61f55729bab42ecbfd1d48573cec6b92b0ad4504a03c4f11ceaa647d8

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

608a2abe556eaf9f65965e9ad04814938d7e429fc8d7ab5b98404c90c5a3c93c.exe

Resource

win7-20220715-en

evasion themida trojan

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

608a2abe556eaf9f65965e9ad04814938d7e429fc8d7ab5b98404c90c5a3c93c.exe

Resource

win10-20220718-en

evasion themida trojan

windows10-1703-x64

5 signatures

300 seconds

Malware Config

Targets

- Target
  
  608a2abe556eaf9f65965e9ad04814938d7e429fc8d7ab5b98404c90c5a3c93c
- Size
  
  7.2MB
- MD5
  
  b1c7d7949c6e3f68c02b94c1cab7ed09
- SHA1
  
  6202b072c9254c0b23cd17f1eab0ada76c05c47e
- SHA256
  
  608a2abe556eaf9f65965e9ad04814938d7e429fc8d7ab5b98404c90c5a3c93c
- SHA512
  
  2f6adbc2f5346abdf8c05b309253eff2ade1e1e924554743e69e7ca1f4e48955c4cc6db61f55729bab42ecbfd1d48573cec6b92b0ad4504a03c4f11ceaa647d8
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2024

Terms | Privacy