ac9018feca227a5f513a5954e9274374f07ec87551e594242c9edf2f9e7f025b | Triage

Submit
Reports

Overview

overview

9

Static

static

7

ac9018feca...5b.dll

windows7-x64

9

ac9018feca...5b.dll

windows10-2004-x64

9

Sharing

General

Target

ac9018feca227a5f513a5954e9274374f07ec87551e594242c9edf2f9e7f025b
Size

3.0MB
Sample

231112-t944gsgh4z
MD5

ee741e1b1ead93370428691e3e1ec18d
SHA1

d81159d926b2f5592912208f4de14e2fbfefaa77
SHA256

ac9018feca227a5f513a5954e9274374f07ec87551e594242c9edf2f9e7f025b
SHA512

9be5db9caf9408537c2dd64d15ba9e6b02df11a0359309962c3f86407b516c18252ceb51b3d31f613013987f4f348cba7dbe4f687c598ca0e202fd645b7afd5e
SSDEEP

49152:CUrAJ1BqAOnNWsEq3011NdhwCoRXmehA9oMBCfLaJ3Ym9Aamk3vvcLLb:CSmOnNCTE9B/DaJIJVk3vkLn

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ac9018feca227a5f513a5954e9274374f07ec87551e594242c9edf2f9e7f025b.dll

Resource

win7-20231023-en

evasion themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac9018feca227a5f513a5954e9274374f07ec87551e594242c9edf2f9e7f025b.dll

Resource

win10v2004-20231020-en

evasion themida trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  ac9018feca227a5f513a5954e9274374f07ec87551e594242c9edf2f9e7f025b
- Size
  
  3.0MB
- MD5
  
  ee741e1b1ead93370428691e3e1ec18d
- SHA1
  
  d81159d926b2f5592912208f4de14e2fbfefaa77
- SHA256
  
  ac9018feca227a5f513a5954e9274374f07ec87551e594242c9edf2f9e7f025b
- SHA512
  
  9be5db9caf9408537c2dd64d15ba9e6b02df11a0359309962c3f86407b516c18252ceb51b3d31f613013987f4f348cba7dbe4f687c598ca0e202fd645b7afd5e
- SSDEEP
  
  49152:CUrAJ1BqAOnNWsEq3011NdhwCoRXmehA9oMBCfLaJ3Ym9Aamk3vvcLLb:CSmOnNCTE9B/DaJIJVk3vkLn
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2025

Terms | Privacy