502963ee9e86da5e50bd09f3fcb7adadf67862bbe9757ec459bce700dd6fe97f | Triage

Submit
Reports

Overview

overview

9

Static

static

7

nemesis.exe

windows7-x64

9

nemesis.exe

windows10-2004-x64

7

Sharing

General

Target

nemesis.exe
Size

145KB
Sample

230401-2tpmvsef6y
MD5

50308cb5da61006033d96dcb7215d26c
SHA1

0a3664214ecec693a85b73750b967c96d52ebdd6
SHA256

502963ee9e86da5e50bd09f3fcb7adadf67862bbe9757ec459bce700dd6fe97f
SHA512

34adb027921d43a67900a2d30957ca5531ecd4ff0d6acea4c35fac023b67fc4e035eadce07c63842849cc95af4eee345026e080f758d97c65e5edae3005496af
SSDEEP

3072:1PAydW8hHlyIevVhITNW/y6r3WKrQqErj0kY/l+O+d9Sok6fSQz:JASl8toW33zrqEH/YOwSor6Q

Score

9^/10

evasion themida trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

nemesis.exe

Resource

win7-20230220-en

evasion themida trojan vmprotect

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

nemesis.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  nemesis.exe
- Size
  
  145KB
- MD5
  
  50308cb5da61006033d96dcb7215d26c
- SHA1
  
  0a3664214ecec693a85b73750b967c96d52ebdd6
- SHA256
  
  502963ee9e86da5e50bd09f3fcb7adadf67862bbe9757ec459bce700dd6fe97f
- SHA512
  
  34adb027921d43a67900a2d30957ca5531ecd4ff0d6acea4c35fac023b67fc4e035eadce07c63842849cc95af4eee345026e080f758d97c65e5edae3005496af
- SSDEEP
  
  3072:1PAydW8hHlyIevVhITNW/y6r3WKrQqErj0kY/l+O+d9Sok6fSQz:JASl8toW33zrqEH/YOwSor6Q
Score

9^/10

evasion themida trojan vmprotect
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

evasionthemidatrojanvmprotect

behavioral2

© 2018-2024

Terms | Privacy