Overview

overview

9

Static

static

7

7c3be53871...45.exe

windows7-x64

9

7c3be53871...45.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    7c3be53871ada064f454e26871ebd2e5098ee6b804ffce6b4d514b075d62e445

  • Size

    3.7MB

  • Sample

    230709-1mappagh6x

  • MD5

    2618314ae69d393acd478b333794c55e

  • SHA1

    20e33ddfa79fd6482c82cf88fa2df8451155089e

  • SHA256

    7c3be53871ada064f454e26871ebd2e5098ee6b804ffce6b4d514b075d62e445

  • SHA512

    39343571c43d18c161d1a96e79887f2e8d6a837d1f621902fbf37cff84dff5ffd596db07fa0dbd97c3269f40495600f6e86a40f2964b42959d5169ead4b1edfd

  • SSDEEP

    98304:wR0HJm90HO0iEkiUVpNbQ7TYUE2O8VtdCa05DtvtFy6kab:7Jm90HOviUVpNbqsd8VnFoNGFu

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      7c3be53871ada064f454e26871ebd2e5098ee6b804ffce6b4d514b075d62e445

    • Size

      3.7MB

    • MD5

      2618314ae69d393acd478b333794c55e

    • SHA1

      20e33ddfa79fd6482c82cf88fa2df8451155089e

    • SHA256

      7c3be53871ada064f454e26871ebd2e5098ee6b804ffce6b4d514b075d62e445

    • SHA512

      39343571c43d18c161d1a96e79887f2e8d6a837d1f621902fbf37cff84dff5ffd596db07fa0dbd97c3269f40495600f6e86a40f2964b42959d5169ead4b1edfd

    • SSDEEP

      98304:wR0HJm90HO0iEkiUVpNbQ7TYUE2O8VtdCa05DtvtFy6kab:7Jm90HOviUVpNbqsd8VnFoNGFu

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks