General

  • Target

    1a50c19202c6748916a2cd5e0596636e

  • Size

    1.4MB

  • Sample

    231230-qyqvyaaggr

  • MD5

    1a50c19202c6748916a2cd5e0596636e

  • SHA1

    0d92584d0e571485f183ea535710bcfbd08cc4cc

  • SHA256

    a25c7a5931eff2b7e5fca8e037c2129d718889b5eece030cd1f0c4f8afb66585

  • SHA512

    82c12336db1cb79d3bc295014f3b5ac016556f17b65442583d1204744c82e74f6eec662ab39aad5374f2d69e8dc612e5b1d80ea22eee055a63265a4bf75253d7

  • SSDEEP

    24576:/bZlrWKfgiDikpBi39g/m8YcjNLTPO3JM1eF8kS/zor+TMPQTluvXwvbPnMbWccR:tbf/DikSiu8HdzOqeFDejMYhuIvbPMb8

Score
7/10

Malware Config

Targets

    • Target

      RENAME_ME.exe

    • Size

      1.4MB

    • MD5

      4857c57dd2353426fc6ac805f86cec35

    • SHA1

      370448fcb31e1caebac43fea5e02a7b0dbb7444a

    • SHA256

      ca6ab4854fed31f91a2f19f1cd86f81b8638f8863998500f636d7576dca82290

    • SHA512

      ef411023ff39d409235e431b823e91c22d7112967389e32db32baf97f9f37fdaed270cf93069bc0117ce5d2e3734a5f5916799f9ca00f22426069e9e6e412d7b

    • SSDEEP

      24576:S1PKsAf93PRb6kN5iQsBQsJizL8X5nYNMD/xGP1j0:UWDN5ibQsaanYNMD50

    Score
    7/10
    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; its presence is revealed by registry keys such as HKCU\Software\Wine and HKLM\Software\Wine.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
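The three behavioural signatures above (BIOS registry reads, Wine registry keys, and NtSetInformationThread with ThreadHideFromDebugger) can be reproduced as simple rules over an API-call trace. The following is an added example written for this page, not code or output from the sandbox that produced the report: the trace format (one call per line, `pid<TAB>api<TAB>arg1|arg2|...`) and the sample lines are constructed for illustration, while the registry paths and the 0x11 information-class value are the real ones. The Themida packer signature is a static check on the PE file and is not reproduced here.

```python
"""Toy triage of an API-call trace for sandbox- and debugger-evasion signatures.

Added example for this page; not code or output from the sandbox that
produced the report. The trace format below is constructed for illustration
(real sandboxes each use their own); the registry paths and the
ThreadHideFromDebugger constant (0x11) are real.
"""
import re
from collections import defaultdict

# Constructed sample trace (not a real capture): pid, API name, '|'-separated
# arguments. pid 1234 performs all three evasion checks plus one benign
# NtSetInformationThread call; pid 5678 only touches an unrelated Run key.
SAMPLE_TRACE = """\
1234\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS
1234\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS|SystemManufacturer
1234\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS|SystemProductName
1234\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Wine
1234\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\Software\\Wine
1234\tNtSetInformationThread\t0xffffffff|0x11|0x0|0x0
1234\tNtSetInformationThread\t0x1a4|0x4|0x0|0x4
5678\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""

# Real locations: BIOS strings live under HKLM\HARDWARE\DESCRIPTION\System\BIOS,
# and Wine exposes itself through HKCU\Software\Wine / HKLM\Software\Wine.
BIOS_KEY_FRAGMENT = "hardware\\description\\system\\bios"
WINE_KEY_PATTERN = re.compile(r"\\software\\wine(\\|$)")
# THREADINFOCLASS value of ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"


def parse_trace(text):
    """Yield (pid, api, args) tuples from the constructed trace format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        pid, api = int(parts[0]), parts[1]
        args = parts[2].split("|") if len(parts) > 2 else []
        yield pid, api, args


def score_trace(text):
    """Map each pid to the sorted list of signature names it triggered."""
    findings = defaultdict(set)
    for pid, api, args in parse_trace(text):
        if api.startswith("Reg") and args:
            # First argument of the registry APIs is the key path.
            path = args[0].lower()
            if BIOS_KEY_FRAGMENT in path:
                findings[pid].add(SIG_BIOS)
            if WINE_KEY_PATTERN.search(path):
                findings[pid].add(SIG_WINE)
        elif api == "NtSetInformationThread" and len(args) >= 2:
            # Second argument is ThreadInformationClass; only 0x11 is evasive.
            if int(args[1], 16) == THREAD_HIDE_FROM_DEBUGGER:
                findings[pid].add(SIG_HIDE)
    return {pid: sorted(sigs) for pid, sigs in findings.items()}


if __name__ == "__main__":
    for pid, sigs in score_trace(SAMPLE_TRACE).items():
        print(pid)
        for sig in sigs:
            print("  -", sig)
```

Run against the constructed trace, only pid 1234 is reported, with all three signatures; the benign NtSetInformationThread call with class 0x4 and pid 5678's Run-key access produce nothing. Matching on the full key path rather than on a value name keeps the BIOS rule from firing on unrelated queries, and the Wine pattern requires the key to end at `\Software\Wine` or descend below it so that other `Software\Wine...` vendor names do not match.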

MITRE ATT&CK Enterprise v15

Tasks