Overview

overview

9

Static

static

7

Updated.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Updated.exe

  • Size

    4.0MB

  • Sample

    230316-ywr9zscf63

  • MD5

    0acaf575450e2fbe86f4deba7caa1b13

  • SHA1

    2c88b85494b70faeab2f8195539f143b15593ada

  • SHA256

    00baa3eaaea9cad17c161ab662154aea27f0e059114646f0f92ab245e5f4f079

  • SHA512

    a187718458447dd36f81e9adbbfea0a23131956c329001945fb223e516e219dbbf49de4ec09b211a753999a5fa2eb6f2f3a37d30c426d83d74bc4271a12fb2c5

  • SSDEEP

    98304:Mi9lt8dExQWOEp3izA1MgRer9+SdD/ydpdMI31BO+Dd6b6:b9lt8dEtpkA1l49+WIp+IFBTD9

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Updated.exe

    • Size

      4.0MB

    • MD5

      0acaf575450e2fbe86f4deba7caa1b13

    • SHA1

      2c88b85494b70faeab2f8195539f143b15593ada

    • SHA256

      00baa3eaaea9cad17c161ab662154aea27f0e059114646f0f92ab245e5f4f079

    • SHA512

      a187718458447dd36f81e9adbbfea0a23131956c329001945fb223e516e219dbbf49de4ec09b211a753999a5fa2eb6f2f3a37d30c426d83d74bc4271a12fb2c5

    • SSDEEP

      98304:Mi9lt8dExQWOEp3izA1MgRer9+SdD/ydpdMI31BO+Dd6b6:b9lt8dEtpkA1l49+WIp+IFBTD9

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks