General

  • Target

    Pop.zip

  • Size

    9.0MB

  • Sample

    230529-c4at1shg6s

  • MD5

    eb1f847e4a5632f2e2f1e0fac8e82d53

  • SHA1

    667803161a849311e27896070ace375d5102ed50

  • SHA256

    ce7957edb81774674e1364e1377e195060bb508330f30007a9e2b62ec5dd1aca

  • SHA512

    810e70219c95d1f5348e4e59bcd0b97a20a60143a1cd7851ed74cd6beae85eafbf888862c10c53289e27c339a7a4540c25cd22970be145615811e7c6395f4044

  • SSDEEP

    196608:ogfa9YHgKizGmmgouCLX45c99PoN1HDKxaC/nmnWqawaXsC:TfktemmgoB05cXPoN1HvC/mWqaGC

Malware Config

Targets

    • Target

      Pop.exe

    • Size

      9.0MB

    • MD5

      2133ef7afec1e4305982f358aae930ea

    • SHA1

      91e079cf85784db58cb9f540b05718ba08dd9745

    • SHA256

      6b16ad761c2320e8fc0d1b12263b3b2b54436a95eec14e8671047f7cb4188926

    • SHA512

      32a7975d6498308d4b998604ba4c659d5b406a3ccbce0500ebaf41a749d647e58676c0b9314f2379b5615a3f9ea65dd0ed3b5eae38f4ec35bbe8556eebdaa92e

    • SSDEEP

      196608:teEgBaHepmiOPwky+owy/rg53HRVu7vHDpS1IqBRU7kCs2q:tUBMDoky+oxc53xVu7vHhqBa4Cs

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger