Overview

overview

9

Static

static

7

Roles_External.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Roles_External.exe

  • Size

    9.0MB

  • Sample

    230312-zmywvahd8v

  • MD5

    002ad7c91deb54e30a919846fe124eaf

  • SHA1

    cb092513ae675fe243d92328310471f09b51267a

  • SHA256

    e9d01a1df753a60c21218dc713bf5b2fa95cd82ceb0f760afd1027249812aabe

  • SHA512

    2e873b8ec2d32ba60117c6423d7bfca9da830870e0238044a1d50fdb0784598ef20325ff62462c6f88078ddc385dfd854f36f8b47aae9610c83a6d5f92b97fd7

  • SSDEEP

    196608:p7tXDri3gUyVl21VNlNNjx4MLm6iE8y4HCh4Iv9o9qmDmHYmGN1:pJTrznCJjxpi6iE8y2Ch4MaPm4mO1

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Roles_External.exe

    • Size

      9.0MB

    • MD5

      002ad7c91deb54e30a919846fe124eaf

    • SHA1

      cb092513ae675fe243d92328310471f09b51267a

    • SHA256

      e9d01a1df753a60c21218dc713bf5b2fa95cd82ceb0f760afd1027249812aabe

    • SHA512

      2e873b8ec2d32ba60117c6423d7bfca9da830870e0238044a1d50fdb0784598ef20325ff62462c6f88078ddc385dfd854f36f8b47aae9610c83a6d5f92b97fd7

    • SSDEEP

      196608:p7tXDri3gUyVl21VNlNNjx4MLm6iE8y4HCh4Iv9o9qmDmHYmGN1:pJTrznCJjxpi6iE8y2Ch4MaPm4mO1

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks