Overview

overview

9

Static

static

7

Setup/Setup.exe

windows7-x64

9

Setup/Setup.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.rar

  • Size

    2.3MB

  • Sample

    220811-sx11maghem

  • MD5

    596d6b08b66e56079772f1d1a139fe7e

  • SHA1

    e40e8745dc8ccff2b7fb5eb2f8a7b28a6aede6d6

  • SHA256

    075f4a01bc210fadd913276eb553eee456a9d385cd9951715f5bca0be63d842e

  • SHA512

    e8afc3e1f83f7ed03593618cd4f651545e7f4dd296799c2e0810ead5259c7d62acdf2aa237f2807a823c5e5316066bc3fa48c281aa9be49364f71578b7c6987b

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Setup/Setup.exe

    • Size

      394.2MB

    • MD5

      c79e2bfd1f0acb9e37e6314d5c63c67e

    • SHA1

      07c169a3a6d4e8795ec8d3d91b0e6794207aeca8

    • SHA256

      3925686c8a7a4ec49537ce3caa3d52d24950b0256d30785d5dae2fb47678e77e

    • SHA512

      583d0b3375064feec9c033e57834f7aee3189be223dd20c528a5bb1b4433fabd3b707d414fcf87fe79c4913a6d163bc9ef3035aa93f48506e61b0274d97e06a9

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks