Overview

overview

9

Static

static

7

BIHBXRSIVW.dll

windows7-x64

9

BIHBXRSIVW.dll

windows10-2004-x64

9

YPRII8GSNC...ss.exe

windows7-x64

1

YPRII8GSNC...ss.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mekpayload.zip

  • Size

    14.3MB

  • Sample

    230317-xbrbhsbe7y

  • MD5

    ba3e9e13da5c3cd90bd729eabbd98c5e

  • SHA1

    cb0c3da0c99d5947b84b144427dce0918b12f466

  • SHA256

    4cbae49ea38538510e34c36627d4476c83334777bc514fa3e3b50cc2f75d87cd

  • SHA512

    75ecbef02ab63b75223479690bcddfdc91720e6f59b1205188c195f68413299678c979830e85622ab1c01c32a2e51e433cf77ceb532ef3c9f65cb7d0c5ff1c6c

  • SSDEEP

    393216:IaYFe8Xr6jDRJpkXX9cdL0Qu/1CPn0kZvvrCPq07ADCioUykKT:I1our6DsmLFu/+0kZvvmimZnPT

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      BIHBXRSIVW.rCJ

    • Size

      14.5MB

    • MD5

      9c10a526a73893354ffda1070e3c438f

    • SHA1

      ce854ebd481c03df98625619bcc258614fc19515

    • SHA256

      9fc52a3f3062b09ef6fe25ceeead5bcf3f80c712e8468fe887a57fbe19884b2c

    • SHA512

      56f8cdfb10cbe024842390b7878e6cc83f4c644942d3785711310583c25499111e6427e1cb6954b17edf6db1ca9275d1e823ac5b32decfd62bddc13f1d624466

    • SSDEEP

      393216:y1+g8B3BQ6lV7Vb3LBgTovVLRAsDEI3mtPuQTC35BeI:y1Vs3BQmBFiMVLRAsYI3OGx

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      YPRII8GSNC37Q6VEFsss

    • Size

      889KB

    • MD5

      03c469798bf1827d989f09f346ce95f7

    • SHA1

      05e491bc1b8fbfbfdca24b565f2464137f30691e

    • SHA256

      de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a

    • SHA512

      d95aed75dd7b2470d4e5052b4b494ad9efbb9eee42c63cf0b38f1d0275ff7b1bb8ee4cbc69d1bb219dbbf33ad3b01cea97f87fa8fe69be7f943aa4417a603238

    • SSDEEP

      24576:mjSsPIqS9jL0rJ3n770E9d8qTtE4n4CucuH:GzyH0ZOqTGQ4CDu

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks