f224cb31d5b44800d57940e547e9a1cbefc43f6a4d9459a4dc822719839a5f32 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Tester.exe

windows10-2004-x64

9

Resubmissions

24-11-2022 21:09

221124-zzmpcadb4z 9

24-11-2022 20:59

221124-zs5atacg5y 9

Sharing

General

Target

Tester.exe
Size

11.3MB
Sample

221124-zzmpcadb4z
MD5

2b9c4125be622c2af2784016db985bc8
SHA1

733064f30eeb89e260103b4b2ce06582d042be83
SHA256

f224cb31d5b44800d57940e547e9a1cbefc43f6a4d9459a4dc822719839a5f32
SHA512

eadac4a042cd529df8fbdad8cc068be9947fa89d11111941035e903322a33d0863d8e65078cb096bd751400fab6d4890f8fcaa6f632339a5d1e2ef12c1ba7105
SSDEEP

196608:u3y9onJ5hrZERMB2WZufOuD9L2+qN9AUKzezdn0JhFVbNvAKy+BhvvIWvRm:ey9c5hlERo2WmfDZ2pN9AUKzeN8jHhBX

Score

9^/10

evasion persistence pyinstaller spyware stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Tester.exe

Resource

win10v2004-20220812-en

evasion persistence spyware stealer themida trojan

windows10-2004-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  Tester.exe
- Size
  
  11.3MB
- MD5
  
  2b9c4125be622c2af2784016db985bc8
- SHA1
  
  733064f30eeb89e260103b4b2ce06582d042be83
- SHA256
  
  f224cb31d5b44800d57940e547e9a1cbefc43f6a4d9459a4dc822719839a5f32
- SHA512
  
  eadac4a042cd529df8fbdad8cc068be9947fa89d11111941035e903322a33d0863d8e65078cb096bd751400fab6d4890f8fcaa6f632339a5d1e2ef12c1ba7105
- SSDEEP
  
  196608:u3y9onJ5hrZERMB2WZufOuD9L2+qN9AUKzezdn0JhFVbNvAKy+BhvvIWvRm:ey9c5hlERo2WmfDZ2pN9AUKzeN8jHhBX
Score

9^/10

evasion persistence spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Modifies Installed Components in the registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealerthemidatrojan

© 2018-2024

Terms | Privacy