80d3125138b6c91f3a279cda223de8b2e2c58381f1553da988267e06ff17312f

Resubmissions

13/12/2023, 10:13

231213-l86xpabbfl 9

13/10/2023, 09:21

231013-lbb12sgb7t 9

25/04/2023, 02:57

230425-dfyrlshh5s 9

Sharing

Copy URL Twitter E-mail

General

Target

Spectral_Engine.exe
Size

2.9MB
Sample

231213-l86xpabbfl
MD5

a650df649db9d55f262cb25f1dadcf2a
SHA1

70a873b7654c739b17039025b36465f30ab5946b
SHA256

80d3125138b6c91f3a279cda223de8b2e2c58381f1553da988267e06ff17312f
SHA512

6e2f59cc5c52c721266462e01dc10c1009294e2542cbf1d42b8009c103ed26b73796f535dc9b0118edd42d0f4981940e0b3b7f97478352a7b6ca2a2f6171c58b
SSDEEP

49152:Dtjp+g8vpvKQ5GktOvxRGzho1spNFDkTyOJxkTSivi322VS2QWVmSn4q8UbGpoHm:ZI5vBr5GkwJMtVBDOymkTSivIkAVvnPi

Score

9^/10

Malware Config

Targets

- Target
  
  Spectral_Engine.exe
- Size
  
  2.9MB
- MD5
  
  a650df649db9d55f262cb25f1dadcf2a
- SHA1
  
  70a873b7654c739b17039025b36465f30ab5946b
- SHA256
  
  80d3125138b6c91f3a279cda223de8b2e2c58381f1553da988267e06ff17312f
- SHA512
  
  6e2f59cc5c52c721266462e01dc10c1009294e2542cbf1d42b8009c103ed26b73796f535dc9b0118edd42d0f4981940e0b3b7f97478352a7b6ca2a2f6171c58b
- SSDEEP
  
  49152:Dtjp+g8vpvKQ5GktOvxRGzho1spNFDkTyOJxkTSivi322VS2QWVmSn4q8UbGpoHm:ZI5vBr5GkwJMtVBDOymkTSivIkAVvnPi
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Checks computer location settings

Themida packer

Checks whether UAC is enabled

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4