b27ce7a62e676cd9318bab38bd522f960c20caa4b966f2c1bf18708fe98c2e8b | Triage

Submit
Reports

Overview

overview

9

Static

static

7

BIHBXRSIVW.dll

windows7-x64

9

BIHBXRSIVW.dll

windows10-2004-x64

9

YPRII8GSNC...ss.exe

windows7-x64

1

YPRII8GSNC...ss.exe

windows10-2004-x64

1

Sharing

General

Target

ba3e9e13da5c3cd90bd729eabbd98c5e.bin
Size

14.3MB
Sample

230319-wvcrsshe64
MD5

cd30f754221ce947f33781e448de094e
SHA1

2c5adff3bc3f8bac4edd7528a476cd25b028539f
SHA256

b27ce7a62e676cd9318bab38bd522f960c20caa4b966f2c1bf18708fe98c2e8b
SHA512

c2da3c385266979bbc37ce49423a859e392d090bd47f66d55dacbd5bd25ce100264c2e5d0148dedeb0f04a5526f191658e96761ddbf7189d440456424522e1af
SSDEEP

393216:3+U6RkJ4HXM6leD11RnREn/+XVMDXIi1NL3R0ViVdH/0:3mRkJEXM6kR1ZnWDXIq3mViVdHs

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BIHBXRSIVW.dll

Resource

win7-20230220-en

evasion themida trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

BIHBXRSIVW.dll

Resource

win10v2004-20230220-en

evasion themida trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral3

Sample

YPRII8GSNC37Q6VEFsss.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

YPRII8GSNC37Q6VEFsss.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  BIHBXRSIVW.rCJ
- Size
  
  14.5MB
- MD5
  
  9c10a526a73893354ffda1070e3c438f
- SHA1
  
  ce854ebd481c03df98625619bcc258614fc19515
- SHA256
  
  9fc52a3f3062b09ef6fe25ceeead5bcf3f80c712e8468fe887a57fbe19884b2c
- SHA512
  
  56f8cdfb10cbe024842390b7878e6cc83f4c644942d3785711310583c25499111e6427e1cb6954b17edf6db1ca9275d1e823ac5b32decfd62bddc13f1d624466
- SSDEEP
  
  393216:y1+g8B3BQ6lV7Vb3LBgTovVLRAsDEI3mtPuQTC35BeI:y1Vs3BQmBFiMVLRAsYI3OGx
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  YPRII8GSNC37Q6VEFsss
- Size
  
  889KB
- MD5
  
  03c469798bf1827d989f09f346ce95f7
- SHA1
  
  05e491bc1b8fbfbfdca24b565f2464137f30691e
- SHA256
  
  de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a
- SHA512
  
  d95aed75dd7b2470d4e5052b4b494ad9efbb9eee42c63cf0b38f1d0275ff7b1bb8ee4cbc69d1bb219dbbf33ad3b01cea97f87fa8fe69be7f943aa4417a603238
- SSDEEP
  
  24576:mjSsPIqS9jL0rJ3n770E9d8qTtE4n4CucuH:GzyH0ZOqTGQ4CDu
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

behavioral4

© 2018-2024

Terms | Privacy