Overview

overview

9

Static

static

7

Setup.exe

windows7-x64

9

Setup.exe

windows10-2004-x64

9

Resubmissions

02/01/2023, 21:37

230102-1ge28abd71 9

02/01/2023, 20:58

230102-zslhpsbd2z 9

01/01/2023, 20:14

230101-yz2mtscf32 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LatestVersion_2022pass_UseToOpen.rar

  • Size

    3.9MB

  • Sample

    230101-yz2mtscf32

  • MD5

    2ce743dc28a723447fccf26246ac76eb

  • SHA1

    05a2a43843643e34c6193ef777cf3b043d0429df

  • SHA256

    c3ddd3d499fa4545f343e4617f3f9add31a6985f63cb91e763644cdf01ea26ff

  • SHA512

    3584830d8d71651b0a9517245bcb0936ddb24979639a17fdd01949d41ae50a9a480d8d2bd100dbf6199bb5e8727e4885313b3be8e62612d5ba329ed5c017ea2a

  • SSDEEP

    98304:0xbjnhXD9/NqHdhCbO1r0qebMj/R4oo+FmyXub+8IvV4th:0dX/k9hCbOB0TwjJPo1JK8IvVih

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Setup.exe

    • Size

      458.0MB

    • MD5

      50dd0464327900d62f20939a8fb9ff78

    • SHA1

      b15ce1981d536c7aba3125f06009c1e738a78e39

    • SHA256

      676564faa1a7a63634a62fcd3dfcc85f5c2722b7a939d5ccc08bc0bad4a2b376

    • SHA512

      a5c64fed302e436fc85173ffe69edde313fde2b8c8fa9d8647870d4abc7dd6c7dcda2666c7a5c64daf92589354e12f2e0ab54dca0f591f4c4625da7cd860e726

    • SSDEEP

      49152:PgPpGCD9EDfzh0xgb0W9SuMjZX7XUg3ZYimK181gNHeg+P2MxYo5:Pg4CJETzqrW9nM1XF3ZYxLBJxN

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks