0f26fd036fc742ceec5f00361d94e54fc620b0045c4ab9249cc90e4260950f8b | Triage

Submit
Reports

Overview

overview

7

Static

static

7

0f26fd036f...8b.exe

windows7-x64

7

0f26fd036f...8b.exe

windows10-2004-x64

7

Sharing

General

Target

0f26fd036fc742ceec5f00361d94e54fc620b0045c4ab9249cc90e4260950f8b
Size

1.2MB
Sample

221127-w361lsdc3t
MD5

b61a9989625a4acad24481135e1a14eb
SHA1

49bb46a48f17ef00e9222332b2f76ae10df26244
SHA256

0f26fd036fc742ceec5f00361d94e54fc620b0045c4ab9249cc90e4260950f8b
SHA512

cd6ea896b993c2a1995013871f1a8795b7a16deb45cc3cf6fb2cee9c570940da31c27cd5a09040df164d3014b93255492b91383db38032ca0cfa7ff2861e3575
SSDEEP

24576:4+8UOG8ZGc2ObF7k0fbosVe6tnUR1LumVVoPl:46HMGZC1URRZVVoPl

Score

7^/10

evasion themida

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f26fd036fc742ceec5f00361d94e54fc620b0045c4ab9249cc90e4260950f8b.exe

Resource

win7-20220812-en

evasion themida

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f26fd036fc742ceec5f00361d94e54fc620b0045c4ab9249cc90e4260950f8b.exe

Resource

win10v2004-20221111-en

evasion themida

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f26fd036fc742ceec5f00361d94e54fc620b0045c4ab9249cc90e4260950f8b
- Size
  
  1.2MB
- MD5
  
  b61a9989625a4acad24481135e1a14eb
- SHA1
  
  49bb46a48f17ef00e9222332b2f76ae10df26244
- SHA256
  
  0f26fd036fc742ceec5f00361d94e54fc620b0045c4ab9249cc90e4260950f8b
- SHA512
  
  cd6ea896b993c2a1995013871f1a8795b7a16deb45cc3cf6fb2cee9c570940da31c27cd5a09040df164d3014b93255492b91383db38032ca0cfa7ff2861e3575
- SSDEEP
  
  24576:4+8UOG8ZGc2ObF7k0fbosVe6tnUR1LumVVoPl:46HMGZC1URRZVVoPl
Score

7^/10

evasion themida
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy