Overview

overview

9

Static

static

7

1c2c123568...1b.dll

windows7-x64

9

1c2c123568...1b.dll

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    1c2c1235687f47a63d847b431a6460f7c39419726d317ebb8d344bbfc145291b

  • Size

    2.9MB

  • Sample

    231231-xnm5mafab6

  • MD5

    8dc3329fb9a2e6f5c03ab8061d0844a7

  • SHA1

    c17e3c474bd65d1d66d088671d3f8cef22d5fb5b

  • SHA256

    1c2c1235687f47a63d847b431a6460f7c39419726d317ebb8d344bbfc145291b

  • SHA512

    ac65cb3df044213ac9eeed9925d86c87b3477fd52ca39c43341343e2f9a14eb5732cf2b7429c1cd8dd31a8cbe33f31940d883f71b8dc9faeff22fb0b92cf9872

  • SSDEEP

    49152:pxe8pTFmOasM1XpsZuAU+qhEw6mlWCR+ZhkDvSIdwGPYFUVX8ywQmPd4P8pd:pxPTFmOT20Hqhx6YnDdlYFUVXnw7YUd

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      1c2c1235687f47a63d847b431a6460f7c39419726d317ebb8d344bbfc145291b

    • Size

      2.9MB

    • MD5

      8dc3329fb9a2e6f5c03ab8061d0844a7

    • SHA1

      c17e3c474bd65d1d66d088671d3f8cef22d5fb5b

    • SHA256

      1c2c1235687f47a63d847b431a6460f7c39419726d317ebb8d344bbfc145291b

    • SHA512

      ac65cb3df044213ac9eeed9925d86c87b3477fd52ca39c43341343e2f9a14eb5732cf2b7429c1cd8dd31a8cbe33f31940d883f71b8dc9faeff22fb0b92cf9872

    • SSDEEP

      49152:pxe8pTFmOasM1XpsZuAU+qhEw6mlWCR+ZhkDvSIdwGPYFUVX8ywQmPd4P8pd:pxPTFmOT20Hqhx6YnDdlYFUVXnw7YUd

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks