allcome

Resubmissions

06-11-2022 17:42

221106-v96srafhfk 10

06-11-2022 16:58

221106-vhaagaccd7 10

15-10-2022 04:47

221015-fenalafcam 10

Sharing

Copy URL

Twitter E-mail

General

Target

2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02
Size

9.1MB
Sample

221106-v96srafhfk
MD5

58ec0acfe4edcc15917b97ef91596f07
SHA1

60e610685d9a549926e7a9b0cb6bcc6509708d3c
SHA256

2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02
SHA512

5769c348149efc107d94bd02e6bbb16440c7974533b843cc42fb7c23fb3e2209754ab69ca9f04a0ba4c56c83e5c30983568a1b1d5f9861c1328befdf09e78736
SSDEEP

196608:K2ejh9Qo2P3Cgnpmtw69DvGSfkDpVpyPc9izcM/WaQCf:Kd4CHx3IyP4izp+Uf

Score

10^/10

Malware Config

Extracted

Family

allcome

http://dba692117be7b6d3480fe5220fdd58b38bf.xyz/API/2/configure.php?cf6zrlhn=finarnw

Targets

- Target
  
  2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02
- Size
  
  9.1MB
- MD5
  
  58ec0acfe4edcc15917b97ef91596f07
- SHA1
  
  60e610685d9a549926e7a9b0cb6bcc6509708d3c
- SHA256
  
  2d640e53d6e6d96266afb87c150403609c66d66ab1a5404c20efb13c85f9ae02
- SHA512
  
  5769c348149efc107d94bd02e6bbb16440c7974533b843cc42fb7c23fb3e2209754ab69ca9f04a0ba4c56c83e5c30983568a1b1d5f9861c1328befdf09e78736
- SSDEEP
  
  196608:K2ejh9Qo2P3Cgnpmtw69DvGSfkDpVpyPc9izcM/WaQCf:Kd4CHx3IyP4izp+Uf
Score

10^/10

allcome evasion stealer themida trojan
- Allcome
  A clipbanker that supports stealing different cryptocurrency wallets and payment forms.
  stealer allcome
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Executes dropped EXE

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3