Overview

overview

9

Static

static

7

Yams_Servi...er.exe

windows7-x64

9

Yams_Servi...er.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Yams_Services_Free_Spoofer.exe

  • Size

    3.7MB

  • Sample

    230330-m1fwzacc86

  • MD5

    b7b3977d71565f7439d8678a4588c503

  • SHA1

    d9552cc2ccd6f6e301b9fdaed8d86c22dc9740b2

  • SHA256

    c6a00f85e448a6278cea21dbd835d99d1ebd227828096e5f02fcb41f141bea69

  • SHA512

    4b9e53d7ec59d189f2b5693fa2193490ad53f9c042219f30ebe291ea7768b7b1cc6ce8d7c1bd3dc6705ec342f09c0c93f42c283e2995a3843dd561736e101ce5

  • SSDEEP

    98304:wtNJ1joN3XNBr7PuUZJunmnY7zL1V3ekh8bCZ9+RkOKlDwKtN:yBoNnrr7PrJumnY3LN8+KMDw2N

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Yams_Services_Free_Spoofer.exe

    • Size

      3.7MB

    • MD5

      b7b3977d71565f7439d8678a4588c503

    • SHA1

      d9552cc2ccd6f6e301b9fdaed8d86c22dc9740b2

    • SHA256

      c6a00f85e448a6278cea21dbd835d99d1ebd227828096e5f02fcb41f141bea69

    • SHA512

      4b9e53d7ec59d189f2b5693fa2193490ad53f9c042219f30ebe291ea7768b7b1cc6ce8d7c1bd3dc6705ec342f09c0c93f42c283e2995a3843dd561736e101ce5

    • SSDEEP

      98304:wtNJ1joN3XNBr7PuUZJunmnY7zL1V3ekh8bCZ9+RkOKlDwKtN:yBoNnrr7PrJumnY3LN8+KMDw2N

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks