2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f | Triage

Submit
Reports

Overview

overview

9

Static

static

7

dridex

windows10-2004-x64

9

Sharing

General

Target

2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f
Size

7.0MB
Sample

230305-w7wqfahb27
MD5

96d50809dd1b8abd6aed2a41f8e5e71f
SHA1

24de43aa8e69ce52bef3c397b2b7b345da54577b
SHA256

2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f
SHA512

0f6ba2334c811ced8662faac734b4783f018ade96c1fa65311b35247c371a6a917b38db1b4038c946b3374dfee0f819057d50b7d9eb8583d0e3a6bbd67565e67
SSDEEP

196608:uLvYTFyzb9W4lg9VmXQxjDyFnPFrGPW8xqYU:uLvYAb8Ws6Q4tSGYU

Score

9^/10

agilenet evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f.exe

Resource

win10v2004-20230220-en

agilenet evasion themida trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f
- Size
  
  7.0MB
- MD5
  
  96d50809dd1b8abd6aed2a41f8e5e71f
- SHA1
  
  24de43aa8e69ce52bef3c397b2b7b345da54577b
- SHA256
  
  2730694acc68e8ef7155c311baa8972109ed51fbb056b5c6bb36c6428f5e864f
- SHA512
  
  0f6ba2334c811ced8662faac734b4783f018ade96c1fa65311b35247c371a6a917b38db1b4038c946b3374dfee0f819057d50b7d9eb8583d0e3a6bbd67565e67
- SSDEEP
  
  196608:uLvYTFyzb9W4lg9VmXQxjDyFnPFrGPW8xqYU:uLvYAb8Ws6Q4tSGYU
Score

9^/10

agilenet evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agilenetevasionthemidatrojan

© 2018-2024

Terms | Privacy