a0608f64719281ac9ae204a1a92e9c8cf44ab30e6525b7f1f565e3cba6051221 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

B8DH2AUB1S...6B.exe

windows7-x64

1

B8DH2AUB1S...6B.exe

windows10-2004-x64

1

XI3PV3M1PU...D2.dll

windows7-x64

9

XI3PV3M1PU...D2.dll

windows10-2004-x64

9

Sharing

General

Target

fd04c9c39436e1059e79258c270284b2
Size

8.7MB
Sample

220809-z4v7aagdgm
MD5

fd04c9c39436e1059e79258c270284b2
SHA1

6ea2a2d1d38212d9584e7325fbca32b5941c86a7
SHA256

a0608f64719281ac9ae204a1a92e9c8cf44ab30e6525b7f1f565e3cba6051221
SHA512

fec8c5af048253ae2a6476b1c7d25f63cca9f70181774ab5d48256b99996899a8da141177a75a29f55d0a49ff98c539cbe13431ceec613b49dd1b3412d72bd0c

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

B8DH2AUB1SCIX0XQCII2GEHEII8Z3JV9K6B.exe

Resource

win7-20220718-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

B8DH2AUB1SCIX0XQCII2GEHEII8Z3JV9K6B.exe

Resource

win10v2004-20220722-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

XI3PV3M1PUUSEXXBH3LKN91TRFIN1166ZD2.dll

Resource

win7-20220718-en

evasion themida trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

XI3PV3M1PUUSEXXBH3LKN91TRFIN1166ZD2.dll

Resource

win10v2004-20220721-en

evasion themida trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  B8DH2AUB1SCIX0XQCII2GEHEII8Z3JV9K6B
- Size
  
  883KB
- MD5
  
  3d9e621aa8d9d1a97eff65affaee6cc2
- SHA1
  
  79c2c6e16d566912eb10cca2895539b9adb88cdb
- SHA256
  
  54e90ef3b2121408e03bb343b70583fe15a2ca24d5d76e8129766dbaa22817c5
- SHA512
  
  3d2d91393bffb3cfc1b919d5d4fadad1a2daa5d7ae54b0007e6c33af311c3ffb2f1b4e008d016d4043a2a0433e838d940f47bf4a857484878c46dd985c545a55
Score

1^/10
behavioral1 behavioral2
- Target
  
  XI3PV3M1PUUSEXXBH3LKN91TRFIN1166ZD2
- Size
  
  8.4MB
- MD5
  
  43e7413c02debc49385ca0821350af55
- SHA1
  
  8835996015ee50ac50e6302c6af3fb6582f9ab5e
- SHA256
  
  433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
- SHA512
  
  65945f240287cc6e43efd4dc93c58dfd2240f820a5d01bd4a869ebc48c5d8596809e8f16b12afdd18374021e8209794f1bd3e53ab2ad2d7bbacb2bca6d9e626a
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

evasionthemidatrojan

behavioral4

evasionthemidatrojan

© 2018-2024

Terms | Privacy