0b1f4fb88c6990884ed0bac5c1bd4843df3ba73728f96febe533935b54c16179 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Helium 0.3...um.exe

windows10-2004-x64

9

Helium 0.31/scrape.py

windows10-2004-x64

3

Sharing

General

Target

Helium.zip
Size

36.4MB
Sample

230316-x3r25aeg3z
MD5

d6835904ded70eeb4bb7cd0d3da54db2
SHA1

2bb32e3583353ea1bd771220d68252daa7965b18
SHA256

0b1f4fb88c6990884ed0bac5c1bd4843df3ba73728f96febe533935b54c16179
SHA512

e05a206f3703216794d3b78632ac3efb3a38376742cbea223260de0c55dde40670122ad498492c95ddf5b8b846332760c606009b95fb53c40e2d54eda7e29547
SSDEEP

786432:kzNmGCBEMseMkuoNrH9G3PNV0LdBXQlKEqIyBvNcDnfs8Oi64GQ7UAt6f:+NveMjoN8YdJ2pqImeHYb/bf

Score

9^/10

evasion pyinstaller themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Helium 0.31/Helium.exe

Resource

win10v2004-20230220-en

evasion themida trojan

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Helium 0.31/scrape.py

Resource

win10v2004-20230221-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  Helium 0.31/Helium.exe
- Size
  
  36.7MB
- MD5
  
  bb345f19d8f44acaa01e384a038ee071
- SHA1
  
  888fd0a1cd2d46696d517f166bc10ab0cc76a4dd
- SHA256
  
  0fb92f8ae827f978a189b8aa782472631be42f82298cedbee965f85e9d3bbf79
- SHA512
  
  2a3558181b2590cb7381202f648cad596158343042caea2bdead2a9703fc0779b4cba64ebcd21e3130af9e2091fdc957bafac510cecee8520deebddebbfddb1d
- SSDEEP
  
  786432:/zWUobyFiErUGOHzeMKVxzx5cfKc/wgKqVwvMzLvW9b2Z7ZuSYQkRpuj:7rRFiELOHzDCd5cFwVKrbc29LrS
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  Helium 0.31/scrape.py
- Size
  
  9KB
- MD5
  
  1eb8d5648e58cf11068c9b926a3cbe58
- SHA1
  
  66a04f84cce5f870d057a4c7a28bcc55d5255b9d
- SHA256
  
  92f931e290b3570cf7f2fbdf61b49921f00f600a3b79314efed9408f88aa591f
- SHA512
  
  1d583b5bbbce4ae05854171de5ef4902519a55a03470a53ed6cf0d88ecb27f43c54b04a95c222db93ec8c2f528b9a9ede857f2c23b71ba830cfef2733278ee95
- SSDEEP
  
  192:EaTLl0C0vOExVC6YVf95H8GKObLT0q2Bd7NR/01I1x2t5x+9ic/:fTLIxVC6kfz8GKOY577NktSQc
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

© 2018-2025

Terms | Privacy