9c4a74d7c7b7427e158c569a0bbac64b8828be8f02c57f39db5703864d4cb3e7 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

1126afb8be...1f.exe

windows7-x64

9

1126afb8be...1f.exe

windows10-2004-x64

9

Sharing

General

Target

dpeditorexe.zip
Size

2.6MB
Sample

221129-2ynalaae5y
MD5

fe6fda0fe2f701f708440cef88e319a5
SHA1

dc5d9dc56ed372312bbd6c49bb5b1f387d3249a7
SHA256

9c4a74d7c7b7427e158c569a0bbac64b8828be8f02c57f39db5703864d4cb3e7
SHA512

231208947bc81e1236545e4fbfe49328c9c410250355d86e6ff09eb1a1f76566f1cd77f39505056f6d237fdad0f1a61763b73c2a50377a4980240f3acf8dbe37
SSDEEP

49152:FjoqaTRk6fMek5Xx5cmPudbWIvPV/1RxAIHegJ1Lf8Sjnh2hgDDgt5AaTI5d:WTR1fMe2ckudbWI3VNRxAIfJqU2KcAUI

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f.exe

Resource

win7-20221111-en

evasion themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f.exe

Resource

win10v2004-20221111-en

evasion themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f.bin
- Size
  
  2.6MB
- MD5
  
  5a679f91f3a906f7b63c05a31bcf32bd
- SHA1
  
  18b912daf118dcc7b1ca6cf7ab81546f90692166
- SHA256
  
  1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f
- SHA512
  
  7ff3dec8ae9c7e5b314ee49f0154458e89257765f51a4a2846185edca63f34758fc5b9a08ee1215291ba31a7e497b847e220f6af2d40d5da0de2d01bbb7099a9
- SSDEEP
  
  49152:EoayXc1xkHzPkkD8PMp7sdJtA1um8Re38jDESHO00lDjrKGlUH:uic/kHriMcs17sj4znrC
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2024

Terms | Privacy