Overview

overview

9

Static

static

7

sus.exe

windows7-x64

9

sus.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sus

  • Size

    8.0MB

  • Sample

    230529-1jffrsdf72

  • MD5

    83aa432c43f01541e4f1e2f995940e69

  • SHA1

    931b6fd3e7ee5631fbc583640805809d9f2acc58

  • SHA256

    82f33adfecd67735874cdc9c2bfd27d4b5b904c828d861544c249798a3e65e7e

  • SHA512

    1c962495430b092e88bba43cef34d44ce1b6e23b6ddb610a1489cbb851db3dc1d322fc3c7b70fa952ff8009b76a9aa3d62daf0d8394f3f46f7b15a5105118278

  • SSDEEP

    196608:ecUG4raKu24YY7HVT4hV0AD6QgqKRgXTJ:UmKr4YYH+EUWpgXd

Score
9/10
agilenetevasionthemidatrojan

Malware Config

Targets

    • Target

      sus

    • Size

      8.0MB

    • MD5

      83aa432c43f01541e4f1e2f995940e69

    • SHA1

      931b6fd3e7ee5631fbc583640805809d9f2acc58

    • SHA256

      82f33adfecd67735874cdc9c2bfd27d4b5b904c828d861544c249798a3e65e7e

    • SHA512

      1c962495430b092e88bba43cef34d44ce1b6e23b6ddb610a1489cbb851db3dc1d322fc3c7b70fa952ff8009b76a9aa3d62daf0d8394f3f46f7b15a5105118278

    • SSDEEP

      196608:ecUG4raKu24YY7HVT4hV0AD6QgqKRgXTJ:UmKr4YYH+EUWpgXd

    Score
    9/10
    agilenetevasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks