Overview

overview

9

Static

static

7

YHNCrew-La...12.exe

windows10-2004-x64

9

Resubmissions

13/06/2023, 13:00

230613-p81x8agg6t 9

09/06/2023, 12:34

230609-pr319acb29 9

09/06/2023, 12:09

230609-pbwl8sch51 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    YHNCrew-Launcher-V12.exe

  • Size

    5.1MB

  • Sample

    230609-pbwl8sch51

  • MD5

    76689a8033e9cbfe024578129626d59f

  • SHA1

    913d5d2b6705a4295268d7a8fac02a6ef47c37f8

  • SHA256

    86553adc36ef6c4f1343c7989779e42bfe579b0e5f2288ff96bca00297da3a27

  • SHA512

    c7070e132f9f40f5c5b4df908b99c13522cb93e85897981f1967a673e72ebc35ffa9aada77e60fb642cba24bdaf2c3539b01f6715f4dd372a8beb1219e9c7522

  • SSDEEP

    98304:lIVdSNYJud6FqlhJyt6wp+9QUluCsbva7l2if4TqYpMZmM2ssdX7ZZpTL341Yt:ESeTqlhJytLp+LluCUvaBh4uYaZwsgrb

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      YHNCrew-Launcher-V12.exe

    • Size

      5.1MB

    • MD5

      76689a8033e9cbfe024578129626d59f

    • SHA1

      913d5d2b6705a4295268d7a8fac02a6ef47c37f8

    • SHA256

      86553adc36ef6c4f1343c7989779e42bfe579b0e5f2288ff96bca00297da3a27

    • SHA512

      c7070e132f9f40f5c5b4df908b99c13522cb93e85897981f1967a673e72ebc35ffa9aada77e60fb642cba24bdaf2c3539b01f6715f4dd372a8beb1219e9c7522

    • SSDEEP

      98304:lIVdSNYJud6FqlhJyt6wp+9QUluCsbva7l2if4TqYpMZmM2ssdX7ZZpTL341Yt:ESeTqlhJytLp+LluCUvaBh4uYaZwsgrb

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks