f1b2df0cdb1576dfe30733fbf2936c5dcc530ea15f60377c0402ca3eec28e039 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

65.zip

windows10-2004-x64

9

Resubmissions

25-09-2022 03:46

220925-eb17lsdah4 9

25-09-2022 03:25

220925-dy3hhsedal 9

Sharing

General

Target

65.zip
Size

9.8MB
Sample

220925-dy3hhsedal
MD5

b144b58537058fc572d9bcbf668a9ed2
SHA1

02f6955335085d91177fcf329930465bb301c4bc
SHA256

f1b2df0cdb1576dfe30733fbf2936c5dcc530ea15f60377c0402ca3eec28e039
SHA512

ea5c48378fabd584618e05413a35b2a45b0ad07a31beed5b09b0cdadc83aac52e9191f77441f524d29058e2257d595dfaa608b918be439a6f2edb7026c3032a0
SSDEEP

196608:0KbwvkBYSQHIhE6wczxbaG1Ysr6LPr14B5shyl+Gyajsuh3bTiZI1MJD6g:0KNYSNzxbaGXMx4B5sh5GHsu5+qCJD1

Score

9^/10

evasion themida

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

65.zip

Resource

win10v2004-20220812-en

evasion themida

windows10-2004-x64

16 signatures

600 seconds

Malware Config

Targets

- Target
  
  65.zip
- Size
  
  9.8MB
- MD5
  
  b144b58537058fc572d9bcbf668a9ed2
- SHA1
  
  02f6955335085d91177fcf329930465bb301c4bc
- SHA256
  
  f1b2df0cdb1576dfe30733fbf2936c5dcc530ea15f60377c0402ca3eec28e039
- SHA512
  
  ea5c48378fabd584618e05413a35b2a45b0ad07a31beed5b09b0cdadc83aac52e9191f77441f524d29058e2257d595dfaa608b918be439a6f2edb7026c3032a0
- SSDEEP
  
  196608:0KbwvkBYSQHIhE6wczxbaG1Ysr6LPr14B5shyl+Gyajsuh3bTiZI1MJD6g:0KNYSNzxbaGXMx4B5sh5GHsu5+qCJD1
Score

9^/10

evasion themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy