Overview

overview

9

Static

static

7

YfXFl26W9E.exe

windows7-x64

9

YfXFl26W9E.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    b0778fe6fdf3348ad6e10e6b02199f9b63662f6a061b1ca260e80019d1d0c90b.zip.zip

  • Size

    27.7MB

  • Sample

    231107-rbb9psfh5s

  • MD5

    e49e2d9490d1276cc2fd384fe0c2e4f0

  • SHA1

    e666d9902825ed105ee8b851ed791ed9625dadfa

  • SHA256

    a60ae755a635a84b57e1e2d74884f2cc56424dc1164b1beceb531b6b8e1d4140

  • SHA512

    b62162b0303497b631af4363841324326db9d871fba9ae201a6b2f27a5fc0e672d5a375b67710bd341c24cb2daa907454c9b656785354cee75c3d7b24bf97210

  • SSDEEP

    786432:m+cIVvMDyh50Hfy9w4VIDLarb89sXWke7MITsDR3ssMQ:tcIVU+h79T6W09sXK7MIT8sM

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      YfXFl26W9E.exe

    • Size

      13.5MB

    • MD5

      005c51949d76adb2f624acde2031f68b

    • SHA1

      a560c9ceb511f27906ab65c95b4c5d7088843f9b

    • SHA256

      70aae1a638ff14688e808998909cd036783f80cb75bffe12f1b07aa3fd932aff

    • SHA512

      f7f22b7c6d237f53cbe81fb89adb82ed66eb26d0996c52dbae94e8cff22415a7ce2e26983c050dc4b6205e570326df8f44c0532232c250b143e2dcfaaa1f3f2c

    • SSDEEP

      393216:CfhiAOxOvrq52XXWRct7VdHBpVBQsrQyWudmso:CROEvTl7VdhpVBQGQyW8o

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks