1566c8accabd62f97e2938e1479cffcf944c6f65f07665763fc53c243771795f | Triage

Submit
Reports

Overview

overview

9

Static

static

3

BTC PROFIT...ES.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

BTC PROFIT SEARCH AND MINING PHRASES.zip
Size

31.5MB
Sample

240221-v93fbscd61
MD5

69af5f7662909a90330ba45f04c3804c
SHA1

a27d695dbd0d73fe7e780fcd38c95707f9918fc5
SHA256

1566c8accabd62f97e2938e1479cffcf944c6f65f07665763fc53c243771795f
SHA512

260285144af17bf8b0d49c98ffd8adffc35a55a7cc0cd993b531708d1ba9e1a54db75e837297dd8e5ce55aad0901977baaf4a39bb17651e41e0e965aa4f31b02
SSDEEP

393216:toCgpQOM5p11WFs87W+K5apvFagzEHfWA/flO4tHbtlW51CUcyGpq+5WVTNvsD+x:CKOM5p1as87Lcap74OCQUZlWCiQGWD0

Score

9^/10

discovery evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BTC PROFIT SEARCH AND MINING PHRASES.exe

Resource

win10v2004-20240221-en

discovery evasion themida trojan

windows10-2004-x64

12 signatures

1800 seconds

Malware Config

Targets

- Target
  
  BTC PROFIT SEARCH AND MINING PHRASES.exe
- Size
  
  38.0MB
- MD5
  
  3b88db99494aab72d7ac7c2d07055f7f
- SHA1
  
  b24b239f4a3fc27a2585591ccefe3bbb0260d973
- SHA256
  
  9674a91f5ce59ed183e9c63e75db9a2b7d87cae36de8c8a984099e5541a1f797
- SHA512
  
  a976ca3b6f0fcb01161654381f0058fc9c268ecedaeacb855aca9a9580ff7c25e4b2178b2cc5807b9611de2b5f4529136e49491c41124db4e068abddf87500b9
- SSDEEP
  
  786432:P/wp7Q6Otq9xNYNl1/hiaU+6SW3AZmSJhwTwZ:P/8ElX3g/T
Score

9^/10

discovery evasion themida trojan
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy