Overview

overview

9

Static

static

3

updater.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    updater.exe

  • Size

    150.1MB

  • Sample

    231118-zcfyaafe99

  • MD5

    50d4debceee779bdc030f5997a8d3ffc

  • SHA1

    9154fb52404b2f673d5a2f07dd70dc39239ff229

  • SHA256

    6cbedd2be007d13ba423469aacafcaab33e6669eead026be6acb82adac83f195

  • SHA512

    2250e3da04c927964ea6613348f6ca9ad083b21d58dce80e5b149a3f920ee5da6cbd9b3fba20e93481e797f209783aac6b8d9749d0d3c26c9ef8bdc072209901

  • SSDEEP

    786432:QTKLbMT/OBq3F/Fje9VO5mUWc1F3UINm4C1gluE4DmSvI/iuT9FaSc:QTKLbMThfCamUWUBUIE4CQubWK

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      updater.exe

    • Size

      150.1MB

    • MD5

      50d4debceee779bdc030f5997a8d3ffc

    • SHA1

      9154fb52404b2f673d5a2f07dd70dc39239ff229

    • SHA256

      6cbedd2be007d13ba423469aacafcaab33e6669eead026be6acb82adac83f195

    • SHA512

      2250e3da04c927964ea6613348f6ca9ad083b21d58dce80e5b149a3f920ee5da6cbd9b3fba20e93481e797f209783aac6b8d9749d0d3c26c9ef8bdc072209901

    • SSDEEP

      786432:QTKLbMT/OBq3F/Fje9VO5mUWc1F3UINm4C1gluE4DmSvI/iuT9FaSc:QTKLbMThfCamUWUBUIE4CQubWK

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks