General

  • Target: Amd.zip
  • Size: 6.4MB
  • Sample: 221129-r21d8ahf24
  • MD5: bee2709e1c101e80f8ae4298ecebafe1
  • SHA1: 5aac68d3fdc03abb6a9f3a79d9a706b6d0de4eec
  • SHA256: 0e6f2d58c9c816acc484d8f68e7b9c5e5a650ea92116bd07298e39ee00e5b57e
  • SHA512: e46a845345f2de5097b96da0954933322e24641e4a851aeae75a60d5c657015259105958570e91832926b2a84a3c05e9a0ba558608838c28e45989dc53cae02d
  • SSDEEP: 98304:jGHUoDWJsY+Y34PSwZD80YDF5njGrN1YDs3yso15Cva0jLWzstCnv:jsD4Bt3wSwj+vyfYDs3e8djLWLv

Malware Config

Targets

    • Target: amd software.exe
    • Size: 739.9MB
    • MD5: d4d01f5de39d146d4f9390b900acf9a5
    • SHA1: 3c062831149093b704d5174e9f29accae7d8925b
    • SHA256: f5f3ce00dd2f262becf2f2d1ed5b3bcb71ce40b17fdc2aa849ec8399baa4a794
    • SHA512: 71fedced374d6bf81d7c1825a3f673a43392e8ffeaaf98e520ef64f9104e706b7c1a3fb446a4fbeffc36715ef3cc3b4c40757cbf6cd27b02cc9f0564ffce7583
    • SSDEEP: 98304:ejUUwRb9ct9mIc3vtlIpf2H1UjlEV9gMTZi4qNFTs1Fy0fStI0y:6wRbpFIpfsUjloPuNuFytZ

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: icucnv67.dll
    • Size: 15KB
    • MD5: c89f7b63c258a2d8b68a4bdaf5bbb2d4
    • SHA1: b1181f70adef2cfc1b884aa4a895984843ca326c
    • SHA256: ee7e175ca56e43932878a617e3a1ac3c005e33ad6964277fea811417ca10d2f2
    • SHA512: 39ca6c5ad801795bbaafe1c85719afdd7ced663ac2fb6530130797a40cd4ed7047d33292c5b41601408488cb5ed4926f9e0744d158a44b128bf517e0562d6e47
    • SSDEEP: 192:+0NMi7v56dIYiYF8rVs9+qARHk/2WJfsHR9y2sE9jBFL2UzZ9O:+06iuIYiI9yHk/24i/8E9VFL2Ut9

    Score: 8/10

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target: icudt67.dll
    • Size: 15KB
    • MD5: d73b8ebe06c05cddad49297f668b481e
    • SHA1: 44b139944043d4c4c5a33e1782cd8256f3fa70aa
    • SHA256: 6bb13375779535aa693f51038540381efba654676b1471a10b61c5ad616fb81e
    • SHA512: 8dfe75a0219fa67803da33adea82f6e08fd568c938adad3174f9248f060306e4725852282538691a22fff29a9cd50af66c9d884c94f15c9ed392b9f3048844d6
    • SSDEEP: 192:NFNMi7v56OIYiYF8rVs9+qARrk3WJfsHR9y2sE9jBFL2UzZQp:NF6idIYiI9yrk34i/8E9VFL2UtQ

    Score: 8/10

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

    • T1497 Virtualization/Sandbox Evasion (1)

Discovery

    • T1012 Query Registry (4)

    • T1497 Virtualization/Sandbox Evasion (1)

    • T1082 System Information Discovery (4)

    • T1120 Peripheral Device Discovery (2)

Tasks