28b2f01f3a334d1a2e559bdf6dde1327311b1047b20b8ceba7457fd6d7104d9d | Triage

Submit
Reports

Overview

overview

9

Static

static

7

EO_MAX_Cra...AM.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

CHAPRI VIP.zip
Size

6.9MB
Sample

221229-gem59sfe5t
MD5

67e8324732b67d3a75c018ee2de905bc
SHA1

0c212470c11698aa9b058a52647ed8d1579c3297
SHA256

28b2f01f3a334d1a2e559bdf6dde1327311b1047b20b8ceba7457fd6d7104d9d
SHA512

920ce06eeadc20522e08e0a09f07a943ca2ab421122217ed9253a361282c7e87403788673d14d2733195c51c58d3b7600e66f8927202a1eaad2567d21b00f1a5
SSDEEP

196608:4+7eoIiMJHk3wYklX3I/f1WZUkmQvAwmtFNo1FqD:4nhf1Yk14/9WMQvA9tuID

Score

9^/10

evasion persistence themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

EO_MAX_Cracked by EhliBeytTEAM.exe

Resource

win10v2004-20220812-en

evasion persistence themida trojan

windows10-2004-x64

16 signatures

30 seconds

Malware Config

Targets

- Target
  
  EO_MAX_Cracked by EhliBeytTEAM.exe
- Size
  
  4.1MB
- MD5
  
  3c6ead1b1cce7020e49b05a975828acb
- SHA1
  
  fcaeee931fc31461a85ed2484969329f272e6085
- SHA256
  
  b99fed565df8dac28bea620621b91858517210ecd626f58ffdc53acd6de479ee
- SHA512
  
  4e2846a51c25bdfbf119582cdd8e30cd163cca06fb0d53e9e010e9e67c360a1310a3453bf83b9a67183f433ebede403e67f5e1de49d0e0a34441afac6c8d155c
- SSDEEP
  
  98304:yeWkqLev3Y/qExLA4F8S78D/wNqoi+ggLmX8FHz:7qLef6Zl78DINqoRXLW8FT
Score

9^/10

evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencethemidatrojan

© 2018-2025

Terms | Privacy