Overview

overview

9

Static

static

7

QIw3x0N2J.exe

windows7-x64

9

QIw3x0N2J.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ace262e6aaa20844de6417446d75b50fea5cb55abf7bf251aa346ab6d8032785.zip.zip

  • Size

    27.6MB

  • Sample

    231107-rxd1eshg8w

  • MD5

    cc8fb08b80075d842fd45a55b7fdb250

  • SHA1

    a5b9c076dac6a11b3972fdcf8bcddfa8da235542

  • SHA256

    5995f50f6d04c1828c016537b748cd59e1cc4a9c9bbab33a6464b96d3eb6097e

  • SHA512

    1a6cc8384e034d967abd4d61a075d2a812a6a8f57be4fc1aeae082307b2cadbf69702a342af2af59aacda052424b961823f2e50655aa311990e47778f8c4aaf1

  • SSDEEP

    393216:gMTZQNtUtPDhFnrmwsbiHulW/GuZbaCoJy/JUctb/ma0E+/D/9yJVE:jQNtUtl4wsGHulWJgbjQfa7h

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      QIw3x0N2J.exe

    • Size

      13.4MB

    • MD5

      bfafcc2d51b99d4ff8d5654fb18cb70a

    • SHA1

      7ae3045b1c3a8ad39d9810e462085a349b7dd40b

    • SHA256

      9dc1a5b9da087f724dc7d97e24a48fee56470a8064c29073dc6ea8a70196ff83

    • SHA512

      41afc87a817fd2679ad19e8233d07025515ff6e23efd6891e5f2d51a4df0f182b7781863250d3a0cca3ecf4e905a2e89573eb583665b769abfac426de9f43655

    • SSDEEP

      393216:fOdeNEsj+pNo9K5YXbjGKl+vZqqbfBYOt+KGxO:GdeNXwYLX+MAqqb5YOQKqO

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks