Overview

overview

9

Static

static

7

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    123da7982be920ea21bc6aa650b658d6ce82672f00a95e0e397674aae4143274

  • Size

    7.5MB

  • Sample

    230101-17e5xafh9z

  • MD5

    d213a31bb5238990ad81eeaa94e0dea5

  • SHA1

    8a1aa25a450b001dcaa77672bf95dd4d1e2e18ea

  • SHA256

    123da7982be920ea21bc6aa650b658d6ce82672f00a95e0e397674aae4143274

  • SHA512

    c9200257d441a0276d4bf2b1a2e90321b9c0910d8d98f19afccf697ed7f9aa91306e5c154bb40d9e44519ca11d50b070e5c543a3c6a0102389c803d82d601345

  • SSDEEP

    196608:inru6BX5ODJ4r/xqFUM9TU3cB9K67iySTU5gz0Wm8dk:inr3BX64rpgUMSMW67CYGBm8

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Targets

    • Target

      123da7982be920ea21bc6aa650b658d6ce82672f00a95e0e397674aae4143274

    • Size

      7.5MB

    • MD5

      d213a31bb5238990ad81eeaa94e0dea5

    • SHA1

      8a1aa25a450b001dcaa77672bf95dd4d1e2e18ea

    • SHA256

      123da7982be920ea21bc6aa650b658d6ce82672f00a95e0e397674aae4143274

    • SHA512

      c9200257d441a0276d4bf2b1a2e90321b9c0910d8d98f19afccf697ed7f9aa91306e5c154bb40d9e44519ca11d50b070e5c543a3c6a0102389c803d82d601345

    • SSDEEP

      196608:inru6BX5ODJ4r/xqFUM9TU3cB9K67iySTU5gz0Wm8dk:inr3BX64rpgUMSMW67CYGBm8

    Score
    9/10
    discoveryevasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Modifies file permissions

      discovery

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks