Overview

overview

9

Static

static

7

96a89bdbd9...7b.dll

windows7-x64

7

96a89bdbd9...7b.dll

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96a89bdbd9e2104e65bedf2b0c26957b

  • Size

    2.8MB

  • Sample

    240212-jpmzcshh92

  • MD5

    96a89bdbd9e2104e65bedf2b0c26957b

  • SHA1

    de7c1d47efc82b621dc825bdbf08dc08f16e82e9

  • SHA256

    63db0fcac0b644746d9523c92ab561866559ef0b4e63b2bb56c08e052aa9fd29

  • SHA512

    770d4f03e13885629713ad13649cf11ccbb399b90082f2d6f292b5642d8e59be4290d53f95e5beff6293373c638dd9d7e8d263596295151df32d6de318d425cd

  • SSDEEP

    49152:cprbfNhHCEoD9vTc1quudA1vVxtvVpbvaOBmidJpmqHCQYk6So3baK5/7wJp:0rpwHVTc16WraOBmidJpmql6x3p5/0H

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      96a89bdbd9e2104e65bedf2b0c26957b

    • Size

      2.8MB

    • MD5

      96a89bdbd9e2104e65bedf2b0c26957b

    • SHA1

      de7c1d47efc82b621dc825bdbf08dc08f16e82e9

    • SHA256

      63db0fcac0b644746d9523c92ab561866559ef0b4e63b2bb56c08e052aa9fd29

    • SHA512

      770d4f03e13885629713ad13649cf11ccbb399b90082f2d6f292b5642d8e59be4290d53f95e5beff6293373c638dd9d7e8d263596295151df32d6de318d425cd

    • SSDEEP

      49152:cprbfNhHCEoD9vTc1quudA1vVxtvVpbvaOBmidJpmqHCQYk6So3baK5/7wJp:0rpwHVTc16WraOBmidJpmql6x3p5/0H

    Score
    9/10
    themidaevasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks