b00b73f25c824a6efb01cabdddd386efdf5cf1121b0d877a2ae0daf03b093340 | Triage

Sharing

General

Target

b00b73f25c824a6efb01cabdddd386efdf5cf1121b0d877a2ae0daf03b093340
Size

738KB
Sample

221129-nnq2vahb8s
MD5

39331face343e6d7f9f883b3e8b68910
SHA1

08461411e51d7ee84c5e70fcf75237f348cab18f
SHA256

b00b73f25c824a6efb01cabdddd386efdf5cf1121b0d877a2ae0daf03b093340
SHA512

6f1d573d09ce0aa4320f7cea2ce60fa239cfecd219d629932e90bc72f44b4b3e911dc539a65d6cf555e876b3fbecfefad97b14d8118c8e3b4713226e8fda5d9a
SSDEEP

12288:KEKliLILWtVcbViwTaV6BRZUKxPQEt0ZxyL12nJH6p0ARiLT0u8celGcNiRkQSjF:KEtLsiwToAAEUxyR2JIUL16NiRkQWg

Score

7^/10

evasion themida

Malware Config

Targets

- Target
  
  b00b73f25c824a6efb01cabdddd386efdf5cf1121b0d877a2ae0daf03b093340
- Size
  
  738KB
- MD5
  
  39331face343e6d7f9f883b3e8b68910
- SHA1
  
  08461411e51d7ee84c5e70fcf75237f348cab18f
- SHA256
  
  b00b73f25c824a6efb01cabdddd386efdf5cf1121b0d877a2ae0daf03b093340
- SHA512
  
  6f1d573d09ce0aa4320f7cea2ce60fa239cfecd219d629932e90bc72f44b4b3e911dc539a65d6cf555e876b3fbecfefad97b14d8118c8e3b4713226e8fda5d9a
- SSDEEP
  
  12288:KEKliLILWtVcbViwTaV6BRZUKxPQEt0ZxyL12nJH6p0ARiLT0u8celGcNiRkQSjF:KEtLsiwToAAEUxyR2JIUL16NiRkQWg
Score

7^/10

evasion themida
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2