44a6389937c8a2dcbadfb5d04829a2c36fbcc27b37ddc9719847801222d0cce5 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

bgdwubmodm.dll

windows7-x64

9

bgdwubmodm.dll

windows10-2004-x64

9

l4jb9w049j...oo.exe

windows7-x64

1

l4jb9w049j...oo.exe

windows10-2004-x64

1

Resubmissions

31-10-2022 22:53

221031-2t11wsdhf2 9

25-09-2022 04:01

220925-elhg9adbc8 10

15-09-2022 10:54

220915-mzjapsgeej 9

Sharing

General

Target

20.zip
Size

10.4MB
Sample

220915-mzjapsgeej
MD5

e17ed9853440c53954269dc2d97b4ab1
SHA1

ed6f99c188726247614b2affc95da967087c9fef
SHA256

44a6389937c8a2dcbadfb5d04829a2c36fbcc27b37ddc9719847801222d0cce5
SHA512

5b02ca10db4617026a911507f9d4a61c167b6435f36135cbfaa572669d53e18d33566db8643feae65ef1315be9f2744dc4fdeb44ec044d8a1770e751dac42bf5
SSDEEP

196608:yK6qD/i+k2V4c6gC7CASBtm2q3h7/1nUG3NL6GDsIZCE3K1zEkuwCCjnUdy13sx3:yK6m/PHqCASYd7dnUG92GDs3E32LbY2S

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bgdwubmodm.dll

Resource

win7-20220812-en

evasion themida trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bgdwubmodm.dll

Resource

win10v2004-20220812-en

evasion themida trojan

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

l4jb9w049j00h704k2exk46qooo.exe

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

l4jb9w049j00h704k2exk46qooo.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  bgdwubmodm.xqg
- Size
  
  10.3MB
- MD5
  
  186b119d39e666a41a602ff6c9605b70
- SHA1
  
  99599a7c7620265b9e30dc1b7028b34ec274464c
- SHA256
  
  3da15b7582aa2e324d7e8a18ca4610fb20f69985b09f1c1490e6a99dcde6e305
- SHA512
  
  be22de499169903b83d6c3c44c6368bda91de8ab636c331424e99cbe01b38cf593a08e293c5f57ab4a4fde9f2a032deef5d94c6664014f02f71a948af5e3ab75
- SSDEEP
  
  196608:z11cSFf1gPigUZNY4QBvM602Nrbjlhmmm+j8C7q44KoORtSDtYUcV5znDYsE18FO:p1jUMNDskkrFhmmHwCWOoOHSDtYUcVRe
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  l4jb9w049j00h704k2exk46qooo
- Size
  
  889KB
- MD5
  
  03c469798bf1827d989f09f346ce95f7
- SHA1
  
  05e491bc1b8fbfbfdca24b565f2464137f30691e
- SHA256
  
  de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a
- SHA512
  
  d95aed75dd7b2470d4e5052b4b494ad9efbb9eee42c63cf0b38f1d0275ff7b1bb8ee4cbc69d1bb219dbbf33ad3b01cea97f87fa8fe69be7f943aa4417a603238
- SSDEEP
  
  24576:mjSsPIqS9jL0rJ3n770E9d8qTtE4n4CucuH:GzyH0ZOqTGQ4CDu
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

behavioral4

© 2018-2024

Terms | Privacy