84f468ea9a9da398bd6f22d8fc49937f36365bd989d3a6fe47f989329ea50b5d | Triage

Submit
Reports

Overview

overview

9

Static

static

7

JC_84f468e...5d.exe

windows7-x64

9

JC_84f468e...5d.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

JC_84f468ea9a9da398bd6f22d8fc49937f36365bd989d3a6fe47f989329ea50b5d
Size

9.1MB
Sample

230901-v7eaqagc8x
MD5

2637ac23f755c30e2b2f5be0e7c2b03b
SHA1

08788d05861e77f0182fb9de43293886a8c3669d
SHA256

84f468ea9a9da398bd6f22d8fc49937f36365bd989d3a6fe47f989329ea50b5d
SHA512

f5a02591da7212c8d11eac09bf72b1a21a026bbbefc9b7e094f198a2ce918168fa72859dd374e36964389d50b46ee839bacaeeccb38830234244f94e23e00333
SSDEEP

196608:G/YKLc6zN9xT/ofHunY3HSbvbgUwQWgkojeBZ3bML1iPSt08xi8Xf5b:G/Nc6zXhiXSbvsUw06skH8xBfB

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JC_84f468ea9a9da398bd6f22d8fc49937f36365bd989d3a6fe47f989329ea50b5d.exe

Resource

win7-20230831-en

evasion themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

JC_84f468ea9a9da398bd6f22d8fc49937f36365bd989d3a6fe47f989329ea50b5d.exe

Resource

win10v2004-20230831-en

evasion themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  JC_84f468ea9a9da398bd6f22d8fc49937f36365bd989d3a6fe47f989329ea50b5d
- Size
  
  9.1MB
- MD5
  
  2637ac23f755c30e2b2f5be0e7c2b03b
- SHA1
  
  08788d05861e77f0182fb9de43293886a8c3669d
- SHA256
  
  84f468ea9a9da398bd6f22d8fc49937f36365bd989d3a6fe47f989329ea50b5d
- SHA512
  
  f5a02591da7212c8d11eac09bf72b1a21a026bbbefc9b7e094f198a2ce918168fa72859dd374e36964389d50b46ee839bacaeeccb38830234244f94e23e00333
- SSDEEP
  
  196608:G/YKLc6zN9xT/ofHunY3HSbvbgUwQWgkojeBZ3bML1iPSt08xi8Xf5b:G/Nc6zXhiXSbvsUw06skH8xBfB
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2025

Terms | Privacy