Overview

overview

9

Static

static

7

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    263ea5ce55f4a953b49f6f49287394c511fd890913b4617a9b4953b0a8f9de75

  • Size

    4.8MB

  • Sample

    240212-fghg5adc48

  • MD5

    24f779d69f790e56d9e1c4fdd6d96c86

  • SHA1

    5d546d3c187d2ed3f6ffa07390900ab1029d3283

  • SHA256

    263ea5ce55f4a953b49f6f49287394c511fd890913b4617a9b4953b0a8f9de75

  • SHA512

    76f3dc24b54a376879b2268d01af36de9d7af2d2fbf9a7583a21469085abcaa404c0510d2db4b6529a10e3d42fd5288879cce493a13d5a8021b4a5373ebbe26c

  • SSDEEP

    98304:r7UHemPdguFDFGHkby74ycoAfZM1XhUWJyXXR9dooRurVy8R3WPOel3aq0l79:HhmquFFGDs/oMZAXhUwyHR9kyrPOtq0/

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      263ea5ce55f4a953b49f6f49287394c511fd890913b4617a9b4953b0a8f9de75

    • Size

      4.8MB

    • MD5

      24f779d69f790e56d9e1c4fdd6d96c86

    • SHA1

      5d546d3c187d2ed3f6ffa07390900ab1029d3283

    • SHA256

      263ea5ce55f4a953b49f6f49287394c511fd890913b4617a9b4953b0a8f9de75

    • SHA512

      76f3dc24b54a376879b2268d01af36de9d7af2d2fbf9a7583a21469085abcaa404c0510d2db4b6529a10e3d42fd5288879cce493a13d5a8021b4a5373ebbe26c

    • SSDEEP

      98304:r7UHemPdguFDFGHkby74ycoAfZM1XhUWJyXXR9dooRurVy8R3WPOel3aq0l79:HhmquFFGDs/oMZAXhUwyHR9kyrPOtq0/

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks