Overview

overview

9

Static

static

7

5b401c1e2d...76.exe

windows7-x64

9

5b401c1e2d...76.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29d48c1a6adcb603baedeb81e.bin

  • Size

    3.8MB

  • Sample

    230630-rtahtsed7s

  • MD5

    8b084e4b51152057160c6c95ffc0d366

  • SHA1

    77627dfa2ebd9e837cbc13d34d5421ca653ddcb0

  • SHA256

    44e785aa685da593f0f4e98c773948c101e42f655e5b8f84d2d445d53851b498

  • SHA512

    c3fcc7bd36c99bbe65c91ddf0c1e57c9c68326e73e62734d7b0a96dc4c63079986af76fad2d9ddbd2be66f1d89897d1086f67e2f0063905052b238109f7df7ae

  • SSDEEP

    98304:I9YPjUy/8mtevBjFlU1ZpzrMdJipEQWiJCdPKywBEd6SXkB4KOEwA7l:I9K2mI5k9shWCdPK1BECB4il

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      5b401c1e2d29dc0d4ea552f872adcba2db55e85182cdfc86e955a6b12d580f76.exe

    • Size

      3.9MB

    • MD5

      29d48c1a6adcb603baedeb81ecb746a2

    • SHA1

      65a8cdb82e062ec5bb93465525e8d7b7f7e1761b

    • SHA256

      5b401c1e2d29dc0d4ea552f872adcba2db55e85182cdfc86e955a6b12d580f76

    • SHA512

      3aed36bd734fa90c2ff741af23deef52f17d764a66bd59319ace7193baf1fa44090179e5c907720e112c1741fcf2c25f0d088682ba37c8a93c003512a64b134f

    • SSDEEP

      98304:4LrEGCBmFA+vgV4jjoNEZ2XyvgrpZsMSmI7+RAzI0:4HErBiA464jcNEAXWgrpZsMSD7+h0

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks