Overview

overview

9

Static

static

7

han.zo.exe

windows7-x64

9

han.zo.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    han.zo.exe

  • Size

    5.3MB

  • Sample

    231014-cvvg3abf7w

  • MD5

    aca3fea6cc9dc5976ad3136ebcfc44ea

  • SHA1

    575eb7a336a17b36be250000e75ae2913da6d5fa

  • SHA256

    8b146c775c240e02e3ce27f57fc952d6e1665e736603863b2599891894dd40f6

  • SHA512

    d23e8df5b1b70255ca57cc9ba65e0d9b0eaf6792ec30c582c81e54e70fe871ed7badb450d18e9fe1e474168eab642a7f9589922d64763ff2da56a2492b5b3d7a

  • SSDEEP

    98304:3jQvbYoGRoZhbWan0jaGIyyetHuRVrJf1xjjlWCzMXB6BVUEzdX50VHLI3Zra2XK:3jaGRkoanZeO3ThlmgV7dXG2U2sLN6y

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      han.zo.exe

    • Size

      5.3MB

    • MD5

      aca3fea6cc9dc5976ad3136ebcfc44ea

    • SHA1

      575eb7a336a17b36be250000e75ae2913da6d5fa

    • SHA256

      8b146c775c240e02e3ce27f57fc952d6e1665e736603863b2599891894dd40f6

    • SHA512

      d23e8df5b1b70255ca57cc9ba65e0d9b0eaf6792ec30c582c81e54e70fe871ed7badb450d18e9fe1e474168eab642a7f9589922d64763ff2da56a2492b5b3d7a

    • SSDEEP

      98304:3jQvbYoGRoZhbWan0jaGIyyetHuRVrJf1xjjlWCzMXB6BVUEzdX50VHLI3Zra2XK:3jaGRkoanZeO3ThlmgV7dXG2U2sLN6y

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Stops running service(s)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks