e850559ebc260d4643cd9926547e4a2369fd1c23291036a99276ec881303fa31 | Triage

Submit
Reports

Overview

overview

Static

static

3

371a6a1c8f...c2.exe

windows7-x64

371a6a1c8f...c2.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

371a6a1c8f54420097aad2c5d56881c2.bin
Size

6.1MB
Sample

231223-bqa27adhar
MD5

371a6a1c8f54420097aad2c5d56881c2
SHA1

4d26810613a17f84b9c04e7f13fd14f3823a391f
SHA256

e850559ebc260d4643cd9926547e4a2369fd1c23291036a99276ec881303fa31
SHA512

6da6b41d6d3c1621cb2eb4a41d0d59ee98427450ac7459690eeae62e0a3ca7fb51692ca56dd4f15d7345e64b3e0d957672ee5c886be467df7173052fe587cdef
SSDEEP

196608:pdrH+u+zPFjxAuIQOSqHzEbGL+s9oqp3nQJ:OlzP3aQqemboo30

Score

10^/10

google evasion persistence phishing themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

371a6a1c8f54420097aad2c5d56881c2.exe

Resource

win7-20231215-en

google evasion persistence phishing themida trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

371a6a1c8f54420097aad2c5d56881c2.exe

Resource

win10v2004-20231215-en

evasion persistence themida trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  371a6a1c8f54420097aad2c5d56881c2.bin
- Size
  
  6.1MB
- MD5
  
  371a6a1c8f54420097aad2c5d56881c2
- SHA1
  
  4d26810613a17f84b9c04e7f13fd14f3823a391f
- SHA256
  
  e850559ebc260d4643cd9926547e4a2369fd1c23291036a99276ec881303fa31
- SHA512
  
  6da6b41d6d3c1621cb2eb4a41d0d59ee98427450ac7459690eeae62e0a3ca7fb51692ca56dd4f15d7345e64b3e0d957672ee5c886be467df7173052fe587cdef
- SSDEEP
  
  196608:pdrH+u+zPFjxAuIQOSqHzEbGL+s9oqp3nQJ:OlzP3aQqemboo30
Score

10^/10

google evasion persistence phishing themida trojan
- Detected google phishing page
  phishing google
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

googleevasionpersistencephishingthemidatrojan

behavioral2

evasionpersistencethemidatrojan

© 2018-2025

Terms | Privacy