b170b77fda8a44f846d2f29ed66d7645511cb8e2343691b8d53e5a6f5c09a390 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

Mixed Crac....3.exe

windows10-2004-x64

9

Sharing

General

Target

Mixed Cracking Pack Tools vol.3.exe
Size

762.9MB
Sample

231003-ptxx1sce87
MD5

9ce3bca935a2823e3290e4a51a52cb15
SHA1

2b515612ac972df47e43486c7dd7bf404c9ee183
SHA256

b170b77fda8a44f846d2f29ed66d7645511cb8e2343691b8d53e5a6f5c09a390
SHA512

5c1c18c919d3297585528d7bf870a88bc44858114d42ec6e41ac10fc1aaa442b12cdd402dac3ef5ed5e015218e67dd1eae5ac56ec61cf17cf26739f120b4ca3e
SSDEEP

49152:r4Lu2F3OzhVtsJNcPlVor4AvnQXHXlrCs0wjEUQr9+wW:r78ezhVfAf4HVrCs0EQ

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Mixed Cracking Pack Tools vol.3.exe

Resource

win10v2004-20230915-en

evasion themida trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Mixed Cracking Pack Tools vol.3.exe
- Size
  
  762.9MB
- MD5
  
  9ce3bca935a2823e3290e4a51a52cb15
- SHA1
  
  2b515612ac972df47e43486c7dd7bf404c9ee183
- SHA256
  
  b170b77fda8a44f846d2f29ed66d7645511cb8e2343691b8d53e5a6f5c09a390
- SHA512
  
  5c1c18c919d3297585528d7bf870a88bc44858114d42ec6e41ac10fc1aaa442b12cdd402dac3ef5ed5e015218e67dd1eae5ac56ec61cf17cf26739f120b4ca3e
- SSDEEP
  
  49152:r4Lu2F3OzhVtsJNcPlVor4AvnQXHXlrCs0wjEUQr9+wW:r78ezhVfAf4HVrCs0EQ
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

© 2018-2024

Terms | Privacy