Overview

overview

9

Static

static

7

50d317df83...ea.exe

windows7-x64

9

50d317df83...ea.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    50d317df8397ffe82d01a6720af0074a85f4568b7941ed9c9eb331c07a6b65ea

  • Size

    5.3MB

  • Sample

    231124-zw76wafa7w

  • MD5

    ad32d713f0182e55ecd7315d7871022f

  • SHA1

    37cfea0d8f107a6ac1c9f914fcc1ebd0aa836528

  • SHA256

    50d317df8397ffe82d01a6720af0074a85f4568b7941ed9c9eb331c07a6b65ea

  • SHA512

    ba60a94b247ecbd72f67d04f8f9efd70d0291c120d913adfecbafb0e401d346b29f5f4512d7f324bb052de3b295e200b6cc8d37ccfa28a91c97852f451a4e76c

  • SSDEEP

    98304:XE6uXxJ1O9eBLWsv7XDcXMDvViTUKWG+qQqN0HcMhQwV/ydnC5+vh0lmwU5cluh:6XxM0LWsv08DvViTUC4pzyYMKlmxiluh

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      50d317df8397ffe82d01a6720af0074a85f4568b7941ed9c9eb331c07a6b65ea

    • Size

      5.3MB

    • MD5

      ad32d713f0182e55ecd7315d7871022f

    • SHA1

      37cfea0d8f107a6ac1c9f914fcc1ebd0aa836528

    • SHA256

      50d317df8397ffe82d01a6720af0074a85f4568b7941ed9c9eb331c07a6b65ea

    • SHA512

      ba60a94b247ecbd72f67d04f8f9efd70d0291c120d913adfecbafb0e401d346b29f5f4512d7f324bb052de3b295e200b6cc8d37ccfa28a91c97852f451a4e76c

    • SSDEEP

      98304:XE6uXxJ1O9eBLWsv7XDcXMDvViTUKWG+qQqN0HcMhQwV/ydnC5+vh0lmwU5cluh:6XxM0LWsv08DvViTUC4pzyYMKlmxiluh

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks