Overview

overview

9

Static

static

7

Downloads.7z

windows7-x64

3

Downloads.7z

windows10-2004-x64

3

TwentyApp.exe

windows7-x64

9

TwentyApp.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Downloads.7z

  • Size

    6.4MB

  • Sample

    230419-mxejqsaa63

  • MD5

    df299e73965f0856531452cfd7e76433

  • SHA1

    fe3f3a07828dcbd2143dff4024df39d160586f5e

  • SHA256

    33f8d59caf3d26bd6434af7814e199c0e08b1757e112f521385d5f396dec68c8

  • SHA512

    8fa665fd7c9c3b6141ccfb41ea7848317122882496c41a76e594d27b9c1b834809f3d39d1beb677a46dbcffbd50ddf10b37a64a7535d7962e4f10708095c248c

  • SSDEEP

    196608:gRsir5MEr82uRqbv1gOTPviIjrA8wAabtWobRoYR9G5wNAmJGdxg:MNr5N85KTviOrAcStWobRPvYwNv0g

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Downloads.7z

    • Size

      6.4MB

    • MD5

      df299e73965f0856531452cfd7e76433

    • SHA1

      fe3f3a07828dcbd2143dff4024df39d160586f5e

    • SHA256

      33f8d59caf3d26bd6434af7814e199c0e08b1757e112f521385d5f396dec68c8

    • SHA512

      8fa665fd7c9c3b6141ccfb41ea7848317122882496c41a76e594d27b9c1b834809f3d39d1beb677a46dbcffbd50ddf10b37a64a7535d7962e4f10708095c248c

    • SSDEEP

      196608:gRsir5MEr82uRqbv1gOTPviIjrA8wAabtWobRoYR9G5wNAmJGdxg:MNr5N85KTviOrAcStWobRPvYwNv0g

    Score
    3/10
    behavioral1behavioral2

    • Target

      TwentyApp.exe

    • Size

      3.3MB

    • MD5

      5e2b1df5effbe5123eeff6752af2ca59

    • SHA1

      2e1597b42c40155aa4f56ed708ea4aeb2a5d8698

    • SHA256

      cd5d681f249663dde55b694693ead4e63ff1d626e5db57975aeaa41e65205c37

    • SHA512

      e1ce42dbea6940dbf883ba32f4e934dce2803606a3109369ddfc9cf47e89d82f4f6fcb1854a0745a0e4cb0ad1e095627f35c03a06fa5f42693638039b58698c2

    • SSDEEP

      98304:mZgO4UAJkCxZt3e0Y6qRlp5CNMqMDstLS7cqjAny:mZg3JlB3gXRlpkMqUM6cqjo

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks