Overview

overview

9

Static

static

7

UnlockSoftwares.exe

windows7-x64

9

UnlockSoftwares.exe

windows10-2004-x64

9

alocal.exe

windows7-x64

9

alocal.exe

windows10-2004-x64

9

api32.exe

windows7-x64

3

api32.exe

windows10-2004-x64

1

libcef.exe

windows7-x64

1

libcef.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    UnlockSoftwares-One-Software-To-Crack-Everything.zip

  • Size

    3.7MB

  • Sample

    230317-zee4rsbh7v

  • MD5

    b0f63f9863b60d25cf57d9feb785244b

  • SHA1

    06a4a798520aea7e11a0432987e6e979937715ee

  • SHA256

    72677ad5fac8a1e593ccefdbba6e85734465132b36c39b0d9890b50a4325b16d

  • SHA512

    fa28782e63edc6f9401c1575bc0ee08acfe8c33d6f423d6f4df81c474b3eb584c79cd63f3290e9cc6e6cf78877818565ce065bfdbfcebaa339531fe93d76eedb

  • SSDEEP

    98304:uwJ3vkwFbhmujjTTfnCB2zum2sEPvyWMVMN3XxdKGdW:LJ37Fb4ujXfnXzPEvgg7W

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      UnlockSoftwares.exe

    • Size

      693KB

    • MD5

      d56f28f26a94612d1d04275070136ec6

    • SHA1

      95b7ced3d9e0b8c0f35181a8378027f316e3766d

    • SHA256

      36d05512e6d6485eaca7550fc63db9d52687075b24c8b242e1da062448b33688

    • SHA512

      275e92d50b572aa1afb4e92fcc2c3322fec79febc278f2ad2426fd739768b86ca85483f850aa7fa7c926849f690639e8a0854039fdbcf589318be748735ae2dc

    • SSDEEP

      12288:KwAwpyjN3Xz1/uOg+6Io7FXr9KEvob1vbfPsGOG7P+KN5Lu4z5unF:KwAwkN3Xz1/uOg+6IRb1vb3sGO2O

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      alocal.dll

    • Size

      2.0MB

    • MD5

      c0ac0367a40430af221b8c03417c2a73

    • SHA1

      7d883b5094f8dd9c4b5cb96910d21aa5eba49bc5

    • SHA256

      4c01ded1e8e7171e860ebe7b2bb949a2bcdd9b7aad7e5905a8f2a393670f20ec

    • SHA512

      0bc0a45b6f05042dc954c507350e14f811f973aab3b170141e9349a25a71b4699f2dd41db8175107d4e5938158b5712c9971654e6d3d174853b65b92e7c95955

    • SSDEEP

      49152:1gQsyP4JX/sdwSQHjnpMRGbaMfJTTVVXIMSW5lnnRoe:1WJX/cwfDpUGbzdTVVYzORoe

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      api32.lib

    • Size

      790KB

    • MD5

      fe7ce21bcad0d45fbe169dca2fc2dba4

    • SHA1

      fa09957401fdf1945894df9ba3de07f0add6da77

    • SHA256

      aa25ceab55e9673a5781985303b01d3f8fc23df6ca4a92ab9028b49e01e43d7a

    • SHA512

      ef41f9e037405f4d75705fccf5f645a69a2e90f184b54b4b94f1e23379fd15d3fc64a661de8034669983f6b38a9ed764a0e3ceedd94b2446a557be5c5bbdcd73

    • SSDEEP

      12288:rofqGAgi6q7KmXjiLoSiv0Salc2stfWJlWJuQvJFvyC:UfqG3tq2mXjkd3rahF

    Score
    3/10
    behavioral5behavioral6

    • Target

      libcef.lib

    • Size

      291KB

    • MD5

      797f15c89fc3dc9d052061202c9d65cf

    • SHA1

      d67178eedd91ab53c79ded28c0fd87d0149ac8ca

    • SHA256

      6a2df4801d1b40e34b9b1be91b0aaa6e49da66fd5ed09254d83af2ec86c8d81c

    • SHA512

      1193098cb4bbbe247dfa9f984959a6b1237d98793a232a3ce3ca6de9976310b8e7c0b63c27ac599afcb48c14576047090b53432b8fda3c7e5d093e31ecacd422

    • SSDEEP

      6144:JKx4ytgiRFFTrouqPIJMWWnOYFqLBLMuHJ4BcpfLAOi7y:tyR1TrouqPIJMWWOYluHJqe0

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

7
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks