Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

88e21ed3c426de5ef66a72fd451e4a97f8c7d60169942e47b7d85d6f33bd4873
Size

8MB
Sample

230125-m5vwpafg79
MD5

10b4f109f82f2dab060cdfe8b9167c61
SHA1

13373d528cd777ba22a6c4b7bab5231f63e4ae5b
SHA256

88e21ed3c426de5ef66a72fd451e4a97f8c7d60169942e47b7d85d6f33bd4873
SHA512

ea72beafccc6962ec10dca3de3c96c4f1dea587c57fc498e09af1c6d3e565a886d1fa8920f48fa256bb9ce73f72a66059d3f8431af200ffa6292e3eb8c7ab6d4
SSDEEP

196608:fnTm6cPlq0PhetcgP2RT+7GU7FrN9Hrmdq5m7Th2KeROQ:q3q0PZTiGUhrNpydqEvh28Q

Score

8^/10

persistence themida

Malware Config

Targets

- Target
  
  88e21ed3c426de5ef66a72fd451e4a97f8c7d60169942e47b7d85d6f33bd4873
- Size
  
  8MB
- MD5
  
  10b4f109f82f2dab060cdfe8b9167c61
- SHA1
  
  13373d528cd777ba22a6c4b7bab5231f63e4ae5b
- SHA256
  
  88e21ed3c426de5ef66a72fd451e4a97f8c7d60169942e47b7d85d6f33bd4873
- SHA512
  
  ea72beafccc6962ec10dca3de3c96c4f1dea587c57fc498e09af1c6d3e565a886d1fa8920f48fa256bb9ce73f72a66059d3f8431af200ffa6292e3eb8c7ab6d4
- SSDEEP
  
  196608:fnTm6cPlq0PhetcgP2RT+7GU7FrN9Hrmdq5m7Th2KeROQ:q3q0PZTiGUhrNpydqEvh28Q
Score

8^/10

persistence themida
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Tasks

static1

behavioral1

persistencethemida