General

  • Target

    529acd2234ace5a8a18e08e93a1facd4

  • Size

    2.7MB

  • Sample

    240111-fqvttafhd7

  • MD5

    529acd2234ace5a8a18e08e93a1facd4

  • SHA1

    643be5c176beada62a51a14750645c8568fa0878

  • SHA256

    eb1d308bb502ea3f83c980e4fb7298254a4263408fc0db297900233e7b935477

  • SHA512

    134bc5546159e558266e597454faa84f3a551c151695524974455b451be69eb3aeee4dbcc8744f610035a64eddbf7e2f5ab9dd564516f01735c5a41a8fa8c51e

  • SSDEEP

    49152:vf5V8GtF/0b6xY6VrOxlKcIJ8Me7abKlLwHtswyI0hJJKxZhV1uysEShdFH:vfkGX/s6x0xlRMiabSstFOJJKRV1uys1

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks