Overview

overview

9

Static

static

7

84775188c0...5c.dll

windows7-x64

9

84775188c0...5c.dll

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    84775188c011460ed183f9686a883414dd3e31116e300f13fac8256358fbb75c

  • Size

    3.0MB

  • Sample

    231120-flp3rseg2x

  • MD5

    1ca98e415a3f8b96a857a617a42c2866

  • SHA1

    98ab03882ee0c7351e68377bf875adcf3e9badcd

  • SHA256

    84775188c011460ed183f9686a883414dd3e31116e300f13fac8256358fbb75c

  • SHA512

    0c0c6f20f69aa60e0086f15a6ac40183a585c3a7100754ccc8a8eb2616adaf21aaac0f6d788973a459dbbc5cb9e0024922ba6d5c64e8a4b0752509ee9b9a2529

  • SSDEEP

    49152:z19/B8UIrk3On9MUjq4b0zuFbgfIVvqtaOZUmVAzF+n59I2SF9Obq9d1d9Q7:zPANczsEfqq7U45n6OG7rg

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      84775188c011460ed183f9686a883414dd3e31116e300f13fac8256358fbb75c

    • Size

      3.0MB

    • MD5

      1ca98e415a3f8b96a857a617a42c2866

    • SHA1

      98ab03882ee0c7351e68377bf875adcf3e9badcd

    • SHA256

      84775188c011460ed183f9686a883414dd3e31116e300f13fac8256358fbb75c

    • SHA512

      0c0c6f20f69aa60e0086f15a6ac40183a585c3a7100754ccc8a8eb2616adaf21aaac0f6d788973a459dbbc5cb9e0024922ba6d5c64e8a4b0752509ee9b9a2529

    • SSDEEP

      49152:z19/B8UIrk3On9MUjq4b0zuFbgfIVvqtaOZUmVAzF+n59I2SF9Obq9d1d9Q7:zPANczsEfqq7U45n6OG7rg

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks