Overview

overview

9

Static

static

7

ajwimldjpv.dll

windows7-x64

9

ajwimldjpv.dll

windows10-2004-x64

9

f9q65e3u0r...ll.exe

windows7-x64

9

f9q65e3u0r...ll.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    87.zip

  • Size

    10.2MB

  • Sample

    220907-ptdjdacah5

  • MD5

    3cd325fcccf93b13afdff07c616c04d5

  • SHA1

    95ce0818094d115b254d913ef4730109446761b2

  • SHA256

    dcc4719dc84d5d3ced1d5fc6f3d72d841013b1ded7a70c345e95fcde4654837d

  • SHA512

    7e84ef1bcb65363c8c435bc338a23c674cf627dc3ab81134f8ed8a3158fa2ce77f4370d514ebaad4331a25b136681dc596362530267f18882fc67cd937eeadf4

  • SSDEEP

    196608:Am/O9D8z8Rma9G8cqDYTBlJM+bwE9LB/1qv3PVpGdAI1uQg9Fu0C73D5mtTaq/nk:Am/sbB9xklJHEouQg277tmtHw

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      ajwimldjpv.lud

    • Size

      17.4MB

    • MD5

      0743fc8c19d720e1dda3430ab1f9f7f8

    • SHA1

      1d47f70aa12f6f2419aac209e9f64d86f8bb7f6b

    • SHA256

      545591ecdc0b17a805122789c31499e48be25fd9a9dc8687ee9ab11f4ae97b8e

    • SHA512

      984f5162450cc2d8b1bd8133455b13ccb6005b13ecc5b07315a5a3e3b487e0e9227f5415adff0a3862bccdfa37949b07b38cd45db24087e8cb081181f4fa61b5

    • SSDEEP

      393216:vHM+VyRGwWCwzeRAY3DLn2Pvapoxho0IHCRy++t:U+VyUB6RAY3DLn2XoFP

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      f9q65e3u0rz00b5i6wyclll.exe

    • Size

      884KB

    • MD5

      4685811c853ceaebc991c3a8406694bf

    • SHA1

      9cd382eb91bfea5782dd09f589a31b47c2c2b53e

    • SHA256

      3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4

    • SHA512

      a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46

    • SSDEEP

      12288:oo6hrwBWQ1Ow8yPcT3ZinffOqJaFLGRTY7c223KmZaQRDSGEi:oo6dwBTj9U1wffO7FLG5Y7K3KmZ0GEi

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks