2bc6fa853424f4cada533095f8cd00b669daad0d82a4dd1dba73dfb950932b17 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

a19c0b7b6a...fa.dll

windows10-1703-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

a19c0b7b6aa1fd4f5f024a50564b5f85c2431752edc527c0a09928cb8c5eb9fa.zip
Size

20.1MB
Sample

231008-3v2t9aah98
MD5

2d3649046da6dcc8612b6ebbfa0d98e4
SHA1

64a6f583f943504b2667ae649e209dfb3ef81296
SHA256

2bc6fa853424f4cada533095f8cd00b669daad0d82a4dd1dba73dfb950932b17
SHA512

1ecb603c9d7bdae745051f1c55f654bf0de8bb0cf18d5dc8ba1b45ad9f2fb8280479a4152f9cb9c302d966bb063bee9c5269569adc93bebbc3ab440d9800de9e
SSDEEP

393216:bSWpo4Lj8uQ8O/pabQQ9YVHiretHbI/AZGJFIk7ZY/YaWBuMgeWEcx+lY5:mWo4DpQQ9hEHE0GJy4YgaIhXrO5

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a19c0b7b6aa1fd4f5f024a50564b5f85c2431752edc527c0a09928cb8c5eb9fa.dll

Resource

win10-20230915-es

evasion themida trojan

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a19c0b7b6aa1fd4f5f024a50564b5f85c2431752edc527c0a09928cb8c5eb9fa.dll
- Size
  
  20.4MB
- MD5
  
  ec2b89b5f8bf063117ead3a5f87d4119
- SHA1
  
  247da03362db95a4fa78527246969ae9152e8c41
- SHA256
  
  a19c0b7b6aa1fd4f5f024a50564b5f85c2431752edc527c0a09928cb8c5eb9fa
- SHA512
  
  5f1ce58bd184192f4f18e37177e99f30be6522998a26519e5004a30c16d8ded1a16bc24676e4f24fc773074e54fded2c0cd635341e553fb775701c6bf9626b9c
- SSDEEP
  
  393216:GEOKzodmSO2ku33L25GYTEG5OkdlzNk8lxaoIKIdIL9pbbqf7yWzpsUX:GqzodmSO2133LRYT7YkdxNkCeKdbWjni
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

© 2018-2025

Terms | Privacy