Overview

overview

9

Static

static

7

Launcher.exe

windows7-x64

9

Launcher.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Launcher.exe

  • Size

    3.7MB

  • Sample

    220811-tlr41sbfc7

  • MD5

    26de3aeeabe0ae76f1018eaa2532f16a

  • SHA1

    cb64725485be721627e11871cbb7fb6a778beb2d

  • SHA256

    1492ef6536804555c64804636662313d4345fcf02d7d568c2cc291f221915ed7

  • SHA512

    4b1ea404e601a3990ff2abf97c273c4a23205a30f5bdf2cc78706efcb3cfd7e20157fa9071cade58f39ce3206db56185ca523780fd16d167a2d6f3fd4e6eb118

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Launcher.exe

    • Size

      3.7MB

    • MD5

      26de3aeeabe0ae76f1018eaa2532f16a

    • SHA1

      cb64725485be721627e11871cbb7fb6a778beb2d

    • SHA256

      1492ef6536804555c64804636662313d4345fcf02d7d568c2cc291f221915ed7

    • SHA512

      4b1ea404e601a3990ff2abf97c273c4a23205a30f5bdf2cc78706efcb3cfd7e20157fa9071cade58f39ce3206db56185ca523780fd16d167a2d6f3fd4e6eb118

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks