204675ed11d30dd3dbc631f798b4364c128eb4e9413f1da195790abf880e8b9a | Triage

Sharing

General

Target

app.7z
Size

37.6MB
Sample

220812-v9rzlagacn
MD5

176cbb94d3f6e98a261935fa984618d3
SHA1

f7ec9d12e11b11f3baea7c20a9af0ba82bf9bc3f
SHA256

204675ed11d30dd3dbc631f798b4364c128eb4e9413f1da195790abf880e8b9a
SHA512

7b05c5172cb6927be931bc979ed9a6c47c139a349b24d1be42ee26ea9b2e8fd519c5b9b5a7ccdcad992bf06273620e3d63fa9164836810778d31f65755b73f8a

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  D3Dcompiler_47.dll
- Size
  
  3.3MB
- MD5
  
  c5b362bce86bb0ad3149c4540201331d
- SHA1
  
  91bc4989345a4e26f06c0c781a21a27d4ee9bacd
- SHA256
  
  efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f
- SHA512
  
  82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd
Score

3^/10
behavioral1 behavioral2
- Target
  
  VtTalkStudent.exe
- Size
  
  3.3MB
- MD5
  
  35c0b4db3ec83f9b27c53ddc1e27c376
- SHA1
  
  c5764a6b41b6c6470a6edf77a5136bb362e437b4
- SHA256
  
  8163cadf427be35cf1143e8163033f58265e1680b931a8083b56a4a2d7c3c42b
- SHA512
  
  28c321f84d500efbea97a3216e257090c85d79d63e4e0db78ae737f085c539f848b1292ac44431053043c53839f7b14bbbf3401d2fd70f173551b0124b72d8da
Score

9^/10

themida evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  libEGL.dll
- Size
  
  65KB
- MD5
  
  683fe751705a3876223557ed3f1cf9d2
- SHA1
  
  5438089276978a3953c36f6b996c9bc9972326b7
- SHA256
  
  2bfca8ad96c13910febd0e4b43476668590ec0e9bcf3adfd8fef927bee36c394
- SHA512
  
  8c279aaa5de7fb3b2c8690d1c74d987ab99b7178c90925b8de692d9ee0079e7033102e3abb717a2469fdb5e7cac6bfe5a62c52574fd273ad11fb9f79eb458d33
Score

1^/10
behavioral5 behavioral6
- Target
  
  libGLESv2.dll
- Size
  
  7.6MB
- MD5
  
  dfcb482c34211c3b5e6bcbc36f00d044
- SHA1
  
  89f114d199d45f945b0fe42b1043420d4e9c427a
- SHA256
  
  d54373072028fbcf89716c3479a241ebd452410848f654927f2d140a02c0fc8e
- SHA512
  
  2962c656a0098c24b36c416730c62abdd1fca047f19e32d8b2eaedc86a587674b98a270c43cdc94642d9769cae256c291f62ba8e9593f58e3cc102e51397971e
Score

1^/10
behavioral7 behavioral8
- Target
  
  libass-9.dll
- Size
  
  302KB
- MD5
  
  d0f7a5ad8ef837fa6b1ec02b1c0ff452
- SHA1
  
  c2cd3e369b47ec8a0503ab929ab3247520bf3a15
- SHA256
  
  5f673564895592a63b36ed0bca1827a1f14be4f931d57d10565e8ded0d85556b
- SHA512
  
  d1adffde8a92660305238d325fc5f4c6103b9da4173466fd656ff246b42035e799593e78684cc2e6de48870ca2c50e513bc89d41453a1e12812b427a76b683ac
Score

1^/10
behavioral9 behavioral10
- Target
  
  libbz2-1.dll
- Size
  
  103KB
- MD5
  
  0c6452935851b7cdb3a365aecd2dd260
- SHA1
  
  83ef3cd7f985acc113a6de364bdb376dbf8d2f48
- SHA256
  
  f8385d08bd44b213ff2a2c360fe01ae8a1eda5311c7e1fc1a043c524e899a8ed
- SHA512
  
  5ff21a85ee28665c4e707c7044f122d1bac8e408a06f8ea16e33a8c9201798d196fa65b24327f208c4ff415e24a5ad2414fe7a91d9c0b0d8cff88299111f2e1d
Score

3^/10
behavioral11 behavioral12
- Target
  
  libcrypto-1_1.dll
- Size
  
  2.7MB
- MD5
  
  e08470993ca77e13030d2956e4346464
- SHA1
  
  04d151f8d71767c3aff316778b7fc0b8470d7f14
- SHA256
  
  585dd75ffb3982de25981af2f05b519468db0cc1e9ca5e4ef7c35b0fbf8b1fae
- SHA512
  
  a00b47b097b9457c5b2b4f3bb8b1719ba158fc9e54567d51663ab042261627ea61959d6817b818ffc364cc790b422917578e3ff5aca4f5f081fb989b8552e802
Score

3^/10
behavioral13 behavioral14
- Target
  
  libcrypto.dll
- Size
  
  2.7MB
- MD5
  
  e08470993ca77e13030d2956e4346464
- SHA1
  
  04d151f8d71767c3aff316778b7fc0b8470d7f14
- SHA256
  
  585dd75ffb3982de25981af2f05b519468db0cc1e9ca5e4ef7c35b0fbf8b1fae
- SHA512
  
  a00b47b097b9457c5b2b4f3bb8b1719ba158fc9e54567d51663ab042261627ea61959d6817b818ffc364cc790b422917578e3ff5aca4f5f081fb989b8552e802
Score

3^/10
behavioral15 behavioral16
- Target
  
  libcurl.dll
- Size
  
  420KB
- MD5
  
  a0722b584c374ec7517311922c196df2
- SHA1
  
  100761497569f752e064643c9aa3510d10d2245a
- SHA256
  
  d65cc86cbc6181eb5732463e4976ea7ee63054acdd2015820a43fd6b8768cbe8
- SHA512
  
  c8f1b27d5e39fcd8432728bd617d154d5f63232dd44f40a1a06df7db1f3ec6bc412c7cc4063946faf1c4da49b8576c338c4b1f4d9e66336831e0965a700fd371
Score

3^/10
behavioral17 behavioral18
- Target
  
  libgcc_s_dw2-1.dll
- Size
  
  113KB
- MD5
  
  9aec524b616618b0d3d00b27b6f51da1
- SHA1
  
  64264300801a353db324d11738ffed876550e1d3
- SHA256
  
  59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
- SHA512
  
  0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0
Score

3^/10
behavioral19 behavioral20
- Target
  
  libiconv-2.dll
- Size
  
  1.0MB
- MD5
  
  b7df9b43bf812ddaf60c99732c1ab273
- SHA1
  
  4a90353c8b2845008483854642b711e917f9ceef
- SHA256
  
  74024fe9b8a1e4f8b9b7561b336b2916a20784699cdeef2948074f0e820c9bde
- SHA512
  
  db78a8af90e8557ba37df1b8c089b8c2e6d912cb08a7b633126541fa9a2e91a0dd90e275a83d323db0e38bb464744225b0fd405a2c828170b5b7ac1333d6c6e7
Score

3^/10
behavioral21 behavioral22
- Target
  
  liblzma-5.dll
- Size
  
  169KB
- MD5
  
  196ae4c5ca6ae3798ab5dc8c5d7aa142
- SHA1
  
  394e13883afd0515336583eec394d16bb8568f24
- SHA256
  
  3e4b4ccaf429c08fa11c6a3472ceab77709bf16d5dedd526a64f7ed42a9575db
- SHA512
  
  3f0823f581f820300dddf7c2d67d77a8bc59c7345e59115dc64bcf393b2febc18d659411cf60eb19016de68a4d6dcb3b5beaba68a27cf4fe7908fb01a66cf183
Score

3^/10
behavioral23 behavioral24
- Target
  
  libmbedcrypto.dll
- Size
  
  518KB
- MD5
  
  8fd812a3662ac33cfd688d2f0efb9254
- SHA1
  
  15e1c73e64172f58c0b2341b05b6efaec7bd090e
- SHA256
  
  11c81bb55645e28060fd0384bdbfaceda46beef9c517e71fe13af1c53e26d39a
- SHA512
  
  5a5957f7c6e62d291cedccaac8cc8d25b63470b5b6b79701e4eb9f1ec8d2c0897dc5cea64ba9847c76cc4522206a0798d9caefcac820def645084b98d07fc845
Score

1^/10
behavioral25 behavioral26

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

evasionthemidatrojan

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26