920371831cd4c054dd978298a63164deeccc13e47f163aad5b11bbfa4cd7bc5b

Resubmissions

14-03-2024 11:13

240314-nbn2qacg58 9

16-12-2023 15:21

231216-srg1kadce2 9

16-12-2023 14:59

231216-sczxtsbhdl 9

Sharing

Copy URL

Twitter E-mail

General

Target

920371831cd4c054dd978298a63164deeccc13e47f163aad5b11bbfa4cd7bc5b
Size

5.4MB
Sample

231216-srg1kadce2
MD5

5159b9560de1977a84ec551997912756
SHA1

e85828592e9e3a819cb2ca3e93408eefd6baf3c1
SHA256

920371831cd4c054dd978298a63164deeccc13e47f163aad5b11bbfa4cd7bc5b
SHA512

3c81017945feb562cfc21a871a998fae2099bd5633b833b7acc89dba4cb7d9fa673a31c41b7d6ae5e86bd81075714e2289dfa10818e324cef97cff40ba36c79e
SSDEEP

98304:ymqreXpB/IE/mCZa2M7qCc2GYCYuq7fEtV8jkV6qlqGKPbAjHsNeU0upVBwsXl:fr5Bz/NM7qCb9ZuCfGVt62EAjH6rnes1

Score

9^/10

Malware Config

Targets

- Target
  
  920371831cd4c054dd978298a63164deeccc13e47f163aad5b11bbfa4cd7bc5b
- Size
  
  5.4MB
- MD5
  
  5159b9560de1977a84ec551997912756
- SHA1
  
  e85828592e9e3a819cb2ca3e93408eefd6baf3c1
- SHA256
  
  920371831cd4c054dd978298a63164deeccc13e47f163aad5b11bbfa4cd7bc5b
- SHA512
  
  3c81017945feb562cfc21a871a998fae2099bd5633b833b7acc89dba4cb7d9fa673a31c41b7d6ae5e86bd81075714e2289dfa10818e324cef97cff40ba36c79e
- SSDEEP
  
  98304:ymqreXpB/IE/mCZa2M7qCc2GYCYuq7fEtV8jkV6qlqGKPbAjHsNeU0upVBwsXl:fr5Bz/NM7qCb9ZuCfGVt62EAjH6rnes1
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2