Resubmissions

04-06-2023 22:45

230604-2pj7ksea45 (Score 10/10)

04-06-2023 22:33

230604-2g1vcsea32 (Score 10/10)

General

  • Target

    123444214.zip

  • Size

    44.5MB

  • Sample

    230604-2g1vcsea32

  • MD5

    9360f30b0fc1cb69e7d0406f4d1f9aba

  • SHA1

    46cc796344a3a8bac8fb8fafa101f78c50e557b8

  • SHA256

    6749ee6608151816bfb208e37bf90c6ef1a423b601e9e78a17f5915bebe412d9

  • SHA512

    69152221aa4c0f3560af59b1167110ffc36a17d5fd7f14412e4b91dda2d6b4b70ef80d191410d106bed9ca2feeff8a222c018647529ae22f3dbceb9920cc9d3a

  • SSDEEP

    786432:unSAlgk6182N3mVfVqU4dSX4LPZuiqRzqsVnw7o/PA3ctn2SknjJdZ3cBl:ZNsVKUQLz09qXM/Istn2SINdCBl

Score
10/10

Malware Config

Targets

    • Target

      Launcher.exe

    • Size

      238KB

    • MD5

      3f57e0a7cf5b58563305454db6469afc

    • SHA1

      e2297133c0de1c2b7ec71c47eb0963a0b7aaa045

    • SHA256

      bf1feaaf5334c8a79dc79d21fb2b9a7b1c8f48a462bdf052ee050a5da61911dc

    • SHA512

      84fb84f7894960ef4b1e8d9668c11dc86ca43771c814e9bd79269b3ea3c55f3b87495beff8d473c57b53e1b3d5fdca30fa1e9e6b62693d16a78c53ea7530192b

    • SSDEEP

      3072:A6a3YjMaTe0+87s/jLH7vw7Xy2MNI8EHRTmqhUEk22w:uc5nkLT2tMNxEHYCUt2t

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      Reads BIOS vendor and version strings from the registry. Virtual machines and sandboxes expose recognisable values there, so this lookup is a common sandbox-detection check.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Themida packer

      Detects Themida, a commercial Windows software protector. Themida-packed binaries resist static analysis and usually have to be unpacked or observed dynamically.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
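The BIOS, VirtualBox ACPI, location and hide-from-debugger behaviours above can be recognised in a process trace by matching the registry keys and the thread-information class involved. The following is an added example, not Triage's signature engine and not code from the sample; the trace lines are constructed in a Procmon-like CSV form (process,pid,operation,target,result), and the rule set (key paths, the NtSetInformationThread class name and value) is an assumption about what a minimal detector would look for.

```python
"""Classify trace rows against the sandbox-evasion signatures in this report.

Added example; the trace below is constructed and the rules are an assumption,
not Triage's own signature logic.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style trace. The VBOX__ row fails with NAME NOT FOUND, which
# is what a physical host returns; the attempt itself is the tell, not the result.
# The last row imitates an API-trace entry for NtSetInformationThread.
SAMPLE_TRACE = r"""Launcher.exe,4120,RegOpenKey,HKLM\HARDWARE\DESCRIPTION\System\BIOS,SUCCESS
Launcher.exe,4120,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer,SUCCESS
Launcher.exe,4120,RegOpenKey,HKLM\HARDWARE\ACPI\DSDT\VBOX__,NAME NOT FOUND
Launcher.exe,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
Launcher.exe,4120,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS
Launcher.exe,4120,NtSetInformationThread,ThreadInformationClass=ThreadHideFromDebugger(0x11),SUCCESS
"""

# (signature name, operation regex, target regex). Registry paths are
# case-insensitive on Windows, so every pattern is compiled with re.IGNORECASE.
# ThreadHideFromDebugger is THREADINFOCLASS 0x11 (17).
RULES = [
    ("Checks BIOS information in registry",
     r"^Reg", r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS(\\|$)"),
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     r"^Reg", r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ("Checks computer location settings",
     r"^Reg", r"^HKCU\\Control Panel\\International\\Geo\\"),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     r"^NtSetInformationThread$", r"ThreadHideFromDebugger|\b0x11\b"),
]
COMPILED = [(name, re.compile(op, re.I), re.compile(tgt, re.I)) for name, op, tgt in RULES]


def parse_trace(text):
    """Parse CSV trace rows into dicts; rows with the wrong field count are skipped."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue
        process, pid, operation, target, result = row
        rows.append({"process": process, "pid": int(pid), "operation": operation,
                     "target": target, "result": result})
    return rows


def classify(rows):
    """Return {signature name: [matched targets]} for every rule that fired.

    The result column is deliberately ignored: querying a VirtualBox ACPI key
    is suspicious whether or not the key exists on the analysis host.
    """
    hits = defaultdict(list)
    for row in rows:
        for name, op_re, target_re in COMPILED:
            if op_re.search(row["operation"]) and target_re.search(row["target"]):
                hits[name].append(row["target"])
    return dict(hits)


def distinct_signatures(rows):
    """Number of distinct evasion signatures observed in the trace."""
    return len(classify(rows))


if __name__ == "__main__":
    for name, targets in classify(parse_trace(SAMPLE_TRACE)).items():
        print(f"[{name}]")
        for target in targets:
            print("   ", target)
```

The benign Run-key row is there to show that ordinary registry traffic does not fire; when adapting the rules, keep the operation filter (`^Reg`) so that file or network rows containing similar strings are not mis-scored.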

MITRE ATT&CK Enterprise v6

Tasks