Overview

overview

9

Static

static

7

420.exe

windows7-x64

9

420.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    420.exe

  • Size

    8.3MB

  • Sample

    231010-y95ggabd76

  • MD5

    82f5fc1a6ce93b060d70d14dbeaac0e4

  • SHA1

    5b48d3c8729e9f50b213ff14cbbe76c181063258

  • SHA256

    c01f992823f1d37d440ba0349d2da7a5b03ac477af796a45a3818784f4f48348

  • SHA512

    fb7467fbb3eec4e74ed9461bc1ea3de389e9a53cde6d292a1f58e7ebf678252d4ead4f889730df6dd658d7e7e208ff820ff077daad8da4e4c2baf02b73d10885

  • SSDEEP

    196608:CRWX/WGom779THGCCcCZsGKygnzbn1Wn9aMa4A0H/FLL:CRWHom/9THGCCcXGKz5Wrgm3

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      420.exe

    • Size

      8.3MB

    • MD5

      82f5fc1a6ce93b060d70d14dbeaac0e4

    • SHA1

      5b48d3c8729e9f50b213ff14cbbe76c181063258

    • SHA256

      c01f992823f1d37d440ba0349d2da7a5b03ac477af796a45a3818784f4f48348

    • SHA512

      fb7467fbb3eec4e74ed9461bc1ea3de389e9a53cde6d292a1f58e7ebf678252d4ead4f889730df6dd658d7e7e208ff820ff077daad8da4e4c2baf02b73d10885

    • SSDEEP

      196608:CRWX/WGom779THGCCcCZsGKygnzbn1Wn9aMa4A0H/FLL:CRWHom/9THGCCcXGKz5Wrgm3

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks