General

  • Target

    Prax.dll

  • Size

    5.4MB

  • Sample

    231223-bn9gzagcd4

  • MD5

    ad6bf6c37d545b51df1ae3670f911020

  • SHA1

    fc32a802c09a4d91257edaf993f5d0f65d368d04

  • SHA256

    6b03618ea53f12d9ce51476599362e5f503b3a020f22b80dd2ad7d1be4b5add5

  • SHA512

    a90e08e457aaebd68915627c8aae5ad4e2626f712cc10578cd3ffd97e358c98ad36f8226068bf0343e1b5d9bdb2dda52d52bb526827d63671836569d626a7adb

  • SSDEEP

    98304:Ro+ZRKELs7IM7RnLYQQaLZBKSFE0aypzLUbfkKLjowtgPrILFfrN1mwb:9KYWIARnkQQaPKSFE05JUbsKvNe4D6wb

Malware Config

Targets

    • Target

      Prax.dll

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      A VirtualBox guest exposes ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT, whereas a physical machine carries the OEM's table IDs. Probing those keys is a cheap guest-versus-host check that a sample runs before committing to its real behaviour.

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS strings (SystemBiosVersion, VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) are often read in order to detect sandboxing environments: values containing VBOX, VMware or QEMU give the hypervisor away.

    • Themida packer

      Detects Themida, an advanced Windows software protection system. Expect the on-disk sample to be largely opaque (encrypted sections, virtualized code); the real payload has to be recovered at runtime, for example from a memory dump taken after unpacking.

    • Checks whether UAC is enabled

      Reads EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, typically to decide whether an elevation attempt will trigger a prompt.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with ThreadInformationClass = ThreadHideFromDebugger (0x11), after which the thread no longer delivers debug events to an attached debugger. This is a classic anti-debugging technique and a strong indicator in its own right.

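The three registry checks and the anti-debug call above are the kind of behaviour an analyst reproduces as triage logic over a sandbox's API trace. The following is an added example written for this page, not code from the sandbox, from Triage, or from the sample: it classifies constructed API-trace events into the signature names used here. The event shape, the thread ID, the BIOS strings and the VM marker list are assumptions, and the marker list is deliberately non-exhaustive.

```python
import re
from collections import defaultdict

# ThreadInformationClass value passed to NtSetInformationThread to detach a
# thread from its debugger (ThreadHideFromDebugger).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations the three registry-based signatures key on.
ACPI_VBOX_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Substrings hypervisor BIOS strings commonly carry (assumed list, not exhaustive).
VM_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN")

# Constructed API-trace excerpt in the shape a sandbox emits; not from this report.
SAMPLE_EVENTS = [
    {"api": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "SystemBiosVersion", "data": "VBOX   - 1"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "VideoBiosVersion", "data": "Oracle VM VirtualBox VGA BIOS"},
    {"api": "RegQueryValueExW",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "EnableLUA", "data": 1},
    {"api": "NtSetInformationThread", "tid": 1234, "thread_info_class": 0x11},
    # Benign read that ordinary installers also perform; must trigger nothing.
    {"api": "RegQueryValueExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
     "value": "ProductName", "data": "Windows 10 Pro"},
]


def vm_marker(data):
    """Return the first VM marker found in a BIOS string, or None."""
    text = str(data).upper()
    return next((m for m in VM_MARKERS if m in text), None)


def classify(events):
    """Map each triggered signature name to the evidence lines behind it.

    `events` is an iterable of dicts shaped like SAMPLE_EVENTS. Registry paths
    are compared case-insensitively because Windows treats them that way.
    """
    hits = defaultdict(list)
    for ev in events:
        api = ev.get("api", "")
        key = ev.get("key", "")
        value = ev.get("value", "")
        if ACPI_VBOX_RE.search(key):
            hits["Identifies VirtualBox via ACPI registry values"].append(f"{api} {key}")
        elif key.lower() == BIOS_KEY.lower() and value.lower() in BIOS_VALUES:
            marker = vm_marker(ev.get("data", ""))
            note = f" (contains {marker})" if marker else ""
            hits["Checks BIOS information in registry"].append(
                f"{value}={ev.get('data')!r}{note}")
        elif key.lower() == UAC_KEY.lower() and value.lower() == "enablelua":
            state = "enabled" if ev.get("data") == 1 else "disabled"
            hits["Checks whether UAC is enabled"].append(
                f"EnableLUA={ev.get('data')} (UAC {state})")
        elif api == "NtSetInformationThread" and \
                ev.get("thread_info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(
                f"tid={ev.get('tid', '?')} ThreadInformationClass=0x11")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in classify(SAMPLE_EVENTS).items():
        print(sig)
        for line in evidence:
            print("   ", line)
```

The ACPI and BIOS checks are only as good as the marker list, and the sandbox's own hardening (renamed ACPI tables, patched BIOS strings) is exactly what this logic does not see; the UAC read and the ThreadHideFromDebugger call, by contrast, are unambiguous regardless of how the guest is disguised.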
MITRE ATT&CK Enterprise v15

Tasks