fad275e8b102364e30568a38cb2d8f7b201e2de13973897d415cb3c052733139 | Triage

Submit
Reports

Overview

overview

Static

static

7

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

fad275e8b102364e30568a38cb2d8f7b201e2de13973897d415cb3c052733139
Size

5.0MB
Sample

231113-lc5pracb97
MD5

8e676bd7e394be22d5cbb21e10a61e69
SHA1

36fe8d62d15c617d93dd7fca8b6216c75ce20cb8
SHA256

fad275e8b102364e30568a38cb2d8f7b201e2de13973897d415cb3c052733139
SHA512

82cb119f0d536091bd9f794c57ca322e49bafb8049aec2ef212224575502b9390f8a18add310c033b9813210cd210a42189f4892212e45ea023791d94c5a3c3a
SSDEEP

98304:J+7vcHx20RXXj6Q28LrsgmyTRaGdyjRonyV5FoPLCngY2ZyxnPYkKyAX/myq:JAcgUjEgmmRahFhV54L7YBxnPtKNPmyq

Score

10^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fad275e8b102364e30568a38cb2d8f7b201e2de13973897d415cb3c052733139.exe

Resource

win7-20231020-en

evasion themida trojan

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

fad275e8b102364e30568a38cb2d8f7b201e2de13973897d415cb3c052733139.exe

Resource

win10-20231020-en

evasion themida trojan

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  fad275e8b102364e30568a38cb2d8f7b201e2de13973897d415cb3c052733139
- Size
  
  5.0MB
- MD5
  
  8e676bd7e394be22d5cbb21e10a61e69
- SHA1
  
  36fe8d62d15c617d93dd7fca8b6216c75ce20cb8
- SHA256
  
  fad275e8b102364e30568a38cb2d8f7b201e2de13973897d415cb3c052733139
- SHA512
  
  82cb119f0d536091bd9f794c57ca322e49bafb8049aec2ef212224575502b9390f8a18add310c033b9813210cd210a42189f4892212e45ea023791d94c5a3c3a
- SSDEEP
  
  98304:J+7vcHx20RXXj6Q28LrsgmyTRaGdyjRonyV5FoPLCngY2ZyxnPYkKyAX/myq:JAcgUjEgmmRahFhV54L7YBxnPtKNPmyq
Score

10^/10

evasion themida trojan
- Detects DLL dropped by Raspberry Robin.
  Raspberry Robin.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2025

Terms | Privacy