General

  • Target

    632a281e18d456c9144d3a7b705bcafc.bin

  • Size

    13.9MB

  • Sample

    230506-15sm8adc3w

  • MD5

    632a281e18d456c9144d3a7b705bcafc

  • SHA1

    632f6809628122fe151c903afe3e0c10fb37446a

  • SHA256

    5d8ee40cb28292dd3e059ef3b6f4e79af271c7a7827597c7355416787b6cf0ce

  • SHA512

    c2007182ea4af21f9d7697c6a82b1f906f165221935be41bc9f9dcd72367ee49703824fb6779ad0103540a817076f2b3bfab0cb9181796e5f083bf3d8f7d8528

  • SSDEEP

    196608:MTJPWYviQ7t10/mIUeDI+WfSQUFr3pVhL66QsJtFSLdG00mW09eP1tsFZIVDKb3x:67F8/mjYySdFr3siFJjZ9tsFqD0eZiK4

Malware Config

Targets

    • Target

      EFRTHMOFJM.wRn

    • Size

      13.8MB

    • MD5

      99341e4d2fee0ae1400866d9d603b1f6

    • SHA1

      6c6fd78580d600677a1c06dbb3c7c71693f4bff2

    • SHA256

      272465dbf0d1c78ba32a92cd3a45876a68acd3cb34c7f7e0065bd2b83080c300

    • SHA512

      83c00d998300f604fe9f576db473f2666f97bf09fd1551df76ccaf5f3b6fd99c1b0b0feabf0f1d2306983594f5b21a11022cf177ffc0341e2589ce900f87d61a

    • SSDEEP

      196608:5RPbnMvO3xOB8/IscBeM0tKhFMHjNEnpOgPHSnZaKC/m1tb32w1Hio/wtvI9OvOQ:jrN/InbfLMpOgR1tJ1F/wBI8Q

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.

    • Target

      XSDG0CO4VFBO42HQ6UCC1AKsss

    • Size

      889KB

    • MD5

      03c469798bf1827d989f09f346ce95f7

    • SHA1

      05e491bc1b8fbfbfdca24b565f2464137f30691e

    • SHA256

      de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a

    • SHA512

      d95aed75dd7b2470d4e5052b4b494ad9efbb9eee42c63cf0b38f1d0275ff7b1bb8ee4cbc69d1bb219dbbf33ad3b01cea97f87fa8fe69be7f943aa4417a603238

    • SSDEEP

      24576:mjSsPIqS9jL0rJ3n770E9d8qTtE4n4CucuH:GzyH0ZOqTGQ4CDu

    Score
    1/10
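The behavioural signatures listed for the first dropped target (the VirtualBox ACPI registry read, the BIOS information read, the UAC check and the NtSetInformationThread anti-debug call) can be expressed as detection logic over a sandbox event trace. The Python below is an added example and is not part of this report or of the sandbox that produced it; the registry paths, the information-class value 0x11 and the event trace are this example's own assumptions and constructed input, since the report does not list the exact keys or arguments the sample used.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

# Well-known registry artefacts read by anti-VM / anti-sandbox code. These paths are
# this example's own assumptions about what such checks look like; the report above
# does not list the exact keys the sample touched.
VBOX_ACPI_PREFIXES = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"SYSTEMBIOSVERSION", "VIDEOBIOSVERSION", "SYSTEMBIOSDATE"}
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
UAC_VALUE = "ENABLELUA"
# NtSetInformationThread information class ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11


@dataclass(frozen=True)
class RegRead:
    key: str
    value: Optional[str] = None  # None when only the key was opened/enumerated


@dataclass(frozen=True)
class ApiCall:
    name: str
    args: Dict[str, int] = field(default_factory=dict)


def _norm_key(path: str) -> str:
    """Canonicalise a registry path: long hive name -> HKLM, no trailing '\\', upper-case."""
    return path.replace("HKEY_LOCAL_MACHINE", "HKLM").rstrip("\\").upper()


def classify_events(events: List[Union[RegRead, ApiCall]]) -> List[str]:
    """Return the sorted set of signature names triggered by a sandbox event trace."""
    tags = set()
    for ev in events:
        if isinstance(ev, RegRead):
            key = _norm_key(ev.key)
            val = (ev.value or "").upper()
            if any(key.startswith(_norm_key(p)) for p in VBOX_ACPI_PREFIXES):
                tags.add("Identifies VirtualBox via ACPI registry values")
            if key == _norm_key(BIOS_KEY) and val in BIOS_VALUES:
                tags.add("Checks BIOS information in registry")
            if key == _norm_key(UAC_KEY) and val == UAC_VALUE:
                tags.add("Checks whether UAC is enabled")
        elif isinstance(ev, ApiCall):
            if (ev.name == "NtSetInformationThread"
                    and ev.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
                tags.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return sorted(tags)


# Constructed trace (not real sandbox output) mixing the checks above with benign events.
SAMPLE_TRACE = [
    RegRead(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
    RegRead(r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    RegRead(r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    RegRead(r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    RegRead(r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"),
    ApiCall("NtSetInformationThread", {"ThreadInformationClass": 0x11}),
    ApiCall("NtSetInformationThread", {"ThreadInformationClass": 0x02}),  # other class, benign
]

if __name__ == "__main__":
    for tag in classify_events(SAMPLE_TRACE):
        print(tag)
```

Running the block prints the four signature names in the order they appear in the report; the benign ProductName read and the NtSetInformationThread call with a different information class produce no tag, which is the distinction a detection rule needs to avoid flagging ordinary thread-priority changes or version lookups.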

MITRE ATT&CK Enterprise v6

Tasks