bd30b36cf30266e1b4c8f7d8bb082ebbc7b97d42ba36dc5e80f5793bc58f6e42 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

Bark (1).exe

windows7-x64

1

Bark (1).exe

windows10-2004-x64

9

Sharing

General

Target

Bark (1).exe
Size

230KB
Sample

230315-tbh4csgc6t
MD5

f855cb3375f71c3d61e7432e7fb0b185
SHA1

d66995179269fd66c143022f28b371a2ce042c4e
SHA256

bd30b36cf30266e1b4c8f7d8bb082ebbc7b97d42ba36dc5e80f5793bc58f6e42
SHA512

a7a952ea8e9a8af67f6f6ef9ec8aca079745da70b5f118fea44cac0d169238321b05bd6ef889dab6bcc190e47c2114ab61ec4e32a1bd4a87eccb792e803f7141
SSDEEP

6144:sQgJNRlxJyQTjA43Qv2rvgoQRlxJyQTjA43QvV8F3:GJNRlLynLoQRlLynWF

Score

9^/10

evasion themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

Bark (1).exe

Resource

win7-20230220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bark (1).exe

Resource

win10v2004-20230220-en

evasion themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  Bark (1).exe
- Size
  
  230KB
- MD5
  
  f855cb3375f71c3d61e7432e7fb0b185
- SHA1
  
  d66995179269fd66c143022f28b371a2ce042c4e
- SHA256
  
  bd30b36cf30266e1b4c8f7d8bb082ebbc7b97d42ba36dc5e80f5793bc58f6e42
- SHA512
  
  a7a952ea8e9a8af67f6f6ef9ec8aca079745da70b5f118fea44cac0d169238321b05bd6ef889dab6bcc190e47c2114ab61ec4e32a1bd4a87eccb792e803f7141
- SSDEEP
  
  6144:sQgJNRlxJyQTjA43Qv2rvgoQRlxJyQTjA43QvV8F3:GJNRlLynLoQRlLynWF
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionthemidatrojan

© 2018-2024

Terms | Privacy