f23f0b82588ebe19c1f0ea4a4b6c3312ddf6ce6cfbec3802595ff5241df233b4 | Triage

Sharing

General

Target

f23f0b82588ebe19c1f0ea4a4b6c3312ddf6ce6cfbec3802595ff5241df233b4
Size

5.1MB
Sample

230330-kefb7sbg49
MD5

a236a8b4c750db2b0ff77b99657908d6
SHA1

ff77f5a2368b4543f9daeaa9a3a2f3c409ec78ab
SHA256

f23f0b82588ebe19c1f0ea4a4b6c3312ddf6ce6cfbec3802595ff5241df233b4
SHA512

4d644f2216dc698e0d7f78cabd246726473b612790c61b60ee69f212c9a45e720b97faa6919d18b24ac17927eced7347127b2a94e68c7fc7a018f89d1d8a0098
SSDEEP

98304:Nic2milfTTYZ8PM756l6y5Bo6qqFhgYiSQn:Grlg2UlKj26qqFhe7

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  f23f0b82588ebe19c1f0ea4a4b6c3312ddf6ce6cfbec3802595ff5241df233b4
- Size
  
  5.1MB
- MD5
  
  a236a8b4c750db2b0ff77b99657908d6
- SHA1
  
  ff77f5a2368b4543f9daeaa9a3a2f3c409ec78ab
- SHA256
  
  f23f0b82588ebe19c1f0ea4a4b6c3312ddf6ce6cfbec3802595ff5241df233b4
- SHA512
  
  4d644f2216dc698e0d7f78cabd246726473b612790c61b60ee69f212c9a45e720b97faa6919d18b24ac17927eced7347127b2a94e68c7fc7a018f89d1d8a0098
- SSDEEP
  
  98304:Nic2milfTTYZ8PM756l6y5Bo6qqFhgYiSQn:Grlg2UlKj26qqFhe7
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan