f54b84a4efc58dfba747896c3411ecb6915fd1d7ddf896f8464af251340b14a4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

modest-menu_v0.9.6_unknowncheats.me_.zip
Size

13.2MB
Sample

221203-3xccdage83
MD5

4b9ea5322df9a84520efdc472be34eb5
SHA1

f1d3a26106d411cb16ad7fa800a30746f8757436
SHA256

f54b84a4efc58dfba747896c3411ecb6915fd1d7ddf896f8464af251340b14a4
SHA512

60fb488f0a1cfb64c4b267b096738de0c2e9bc0168898430b928796364c431076df97477cdb1e92c131df68207a78091ba6742db88513683399f52ee8f0b61ce
SSDEEP

393216:zb05WKbTc5Kgi7Sj18l3o3v9uzk0+ZcPZj:zAxbTc5Kgi7J3opDZmj

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  config.json
- Size
  
  3KB
- MD5
  
  1531ab128d7cb828ae50ec764e2254f0
- SHA1
  
  6b462939db32c2513e38fa9c99e1b7673381e57a
- SHA256
  
  0aa64b5a971fb65d3224fbe598062d971a27103b0675a30d2aef80a0eeb1b7e0
- SHA512
  
  5d037ee6c2243ca975040843047997aa22142a1c9a90839886abd0624e2aff64c7ed2f3ad26f270dfe096a26f5f7f1a5e4e2f8ba21d7dd490ee2cfc01a3e5ea3
Score

3^/10
behavioral1 behavioral2
- Target
  
  modest-menu.exe
- Size
  
  13.2MB
- MD5
  
  0a5659701d99b9076e067606bf36e0b7
- SHA1
  
  b1dbd42d7d25c01e19716f6e18614a51fbcacd47
- SHA256
  
  61458152c4215d24d3dd2b099a07916871d0ecc2dc3144106eb79e63182b2ae8
- SHA512
  
  26c99fa962b533428404f4cc3f528412ea7d0cc2bcd1ba7f6854ef7a61803af0203e16e5a1b480a467daee86cee8222f36791293b97fd9aa75e56febbcb56d56
- SSDEEP
  
  393216:qEZVtQ0b8LgVDBA4M8+4gFw2XGRbDyRyQ:qEZVtQ0Qez9cApuRy
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  scripts/Readme.api
- Size
  
  21KB
- MD5
  
  9540c4e98bdd18d07a76d315b474dd7b
- SHA1
  
  1fed70d11f573c0cd37a76ff03cfafd81247f15e
- SHA256
  
  e60dc8866185b6f9b4eba664b474558641486f40f8e77e70d6bd57399394b6bb
- SHA512
  
  c47da853095519e25d691882f02c0ca16e279fecc1de6197e0e7c6faa506c82359c6c6154ee1376cb39f59b9ba8ca819b83e07573cc80cfd7046b1ec1edd505d
- SSDEEP
  
  192:1NzcKvneq0hHBjOCpGjem6fZeGTAvj2GlbWXxX5IS+wwSgU0FXxZujFSzrkrOfKK:OhlGjemNZWXxX5MO0Fruj2riOiK
Score

3^/10
behavioral5 behavioral6
- Target
  
  scripts/demo.lua
- Size
  
  429B
- MD5
  
  a0cdff1f4eaf5af121513b9885295341
- SHA1
  
  e40fc44c5b82a8c02e7248c8b104c0f8abdc4f97
- SHA256
  
  f2b354df9b4d661f6227132c39937b8f706626886cdcf65540ebc5b78f55f6ea
- SHA512
  
  1bf19f211a11c6b88ca9583ff20c1c8ed3e14f8f7ff68622a37c5c151ef2473e41bfd2b503bcc99f6e6e3f79b6845678cecfd3e23406353f35883fbf9b2beecd
Score

3^/10
behavioral7 behavioral8
- Target
  
  scripts/sirius.lua.example
- Size
  
  468B
- MD5
  
  1fdd7bce4f24c51ec8267d7fe65b265e
- SHA1
  
  4f247776830fb30cf816f227f13d3645b8d3aa6d
- SHA256
  
  d331a1344d7354019fdeb564a21f95f85f26458f91aa93d7af58affa9728cb1d
- SHA512
  
  4bf9c85600dcab2ff532ef5f459c270d3197ea5a9d46677b4f7f1e0d2e3b3454bc5ba1f64bcb732448cbe37a71a2112511f46166ec4ba0f3db1ca14d4f685bb4
Score

3^/10
behavioral10 behavioral9
- Target
  
  scripts/vehicle.lua
- Size
  
  306B
- MD5
  
  1eceb52600b875b85a169687fb62ed1e
- SHA1
  
  2d13ed39f1d757af9a5d07790065cc8c00c4984b
- SHA256
  
  0cddccf554633f15fbc453cd0080469c3806d7bd13824f68e3a1ee0cfb2da20b
- SHA512
  
  23baa825d5c3dfb66d1582ce6332bee8272f345742ba50977c0622c7be4fb6b9b921b473a424a2453df3cbc0ff0b473cf7897955fe09a4fd7a10d0df2ef2188b
Score

3^/10
behavioral11 behavioral12
- Target
  
  scripts/weapon.lua
- Size
  
  277B
- MD5
  
  402a9279c76afb2c5977cf97d270c3d1
- SHA1
  
  4cd6474f3cbf9c3ca26277d5691460e8744aae59
- SHA256
  
  20d2e8d52504c96dcb846b08da138418048ed3b58128b05ddf1bde09694c5c14
- SHA512
  
  7357aff15e11de58da79a4eaa603c5ad7fb16ec426e71358e87dd14862d19c44b80896c0e66766479978bb0ba88704457b5356f9f86f6f4af41a39c52ffa45db
Score

3^/10
behavioral13 behavioral14
- Target
  
  themes.json
- Size
  
  2KB
- MD5
  
  ecc97a512f2bee4c4344a7a4126b5a5b
- SHA1
  
  73cd4d3e586b17d307decebd1ba8bea105977e29
- SHA256
  
  b5eeb2b5d8656f0399220039f15e50c2566bf13124681f67c65f8b042d8fdc4c
- SHA512
  
  4d411ea0b3c67f2b38034fc9c1491dca070801e6521cc7cd8cdf91e2343a7caa7861313445e3d53cbe8dc8f64a0ce8169b191a054536c186dc2d1dcfba25bd18
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

evasionthemidatrojan

behavioral4

evasionthemidatrojan

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16