c17002f0e688dd34ca4bde9cc512df3ee4d5b1a069b20f908ba653ff02853be4 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

f000a02a12...26.exe

windows7-x64

9

f000a02a12...26.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

f000a02a12b8c42631ebaeb5f3bea526.exe
Size

1.4MB
Sample

230414-ggvywsgd76
MD5

f000a02a12b8c42631ebaeb5f3bea526
SHA1

d3bbde75e31c82a9d8d7e577cb543d0eef5e8205
SHA256

c17002f0e688dd34ca4bde9cc512df3ee4d5b1a069b20f908ba653ff02853be4
SHA512

b6015e885d06654cb9f68afedcf520f9c1541c81a5d91d0f520ee48962cd3f41967b9d8c541d390f5253de47ce6141f45f4938b93e5fa491ae169d6a16fdb3c3
SSDEEP

24576:zaUzgWd8h3ox5Hz+PQdum5ka2UDbqPyfrzvsSLcf2JLQa0h0n+/MyM+5vMonk:WUlWhOHzb24xfrDsS8+BW0n+/Zd3k

Score

9^/10

discovery evasion spyware stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f000a02a12b8c42631ebaeb5f3bea526.exe

Resource

win7-20230220-en

discovery evasion spyware stealer themida trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f000a02a12b8c42631ebaeb5f3bea526.exe

Resource

win10v2004-20230220-en

discovery evasion spyware stealer themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  f000a02a12b8c42631ebaeb5f3bea526.exe
- Size
  
  1.4MB
- MD5
  
  f000a02a12b8c42631ebaeb5f3bea526
- SHA1
  
  d3bbde75e31c82a9d8d7e577cb543d0eef5e8205
- SHA256
  
  c17002f0e688dd34ca4bde9cc512df3ee4d5b1a069b20f908ba653ff02853be4
- SHA512
  
  b6015e885d06654cb9f68afedcf520f9c1541c81a5d91d0f520ee48962cd3f41967b9d8c541d390f5253de47ce6141f45f4938b93e5fa491ae169d6a16fdb3c3
- SSDEEP
  
  24576:zaUzgWd8h3ox5Hz+PQdum5ka2UDbqPyfrzvsSLcf2JLQa0h0n+/MyM+5vMonk:WUlWhOHzb24xfrDsS8+BW0n+/Zd3k
Score

9^/10

discovery evasion spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealerthemidatrojan

behavioral2

discoveryevasionspywarestealerthemidatrojan

© 2018-2025

Terms | Privacy