f2d1fb73dd67874bbe69ad8e55994c498dc76fcd45969ed37af78a954cfd6a34 | Triage

Sharing

General

Target

Loader.zip
Size

11.4MB
Sample

240309-m7dp7afb57
MD5

7b095edbb1a4d840a001b623c8ade758
SHA1

f29e0daeab131bf34ab265b45edbfc1f295aa33b
SHA256

f2d1fb73dd67874bbe69ad8e55994c498dc76fcd45969ed37af78a954cfd6a34
SHA512

d7f766cd495140a0d141a3daec0df0ee4579bdfafdcfe1e9031b664981d5b9ac5c14190e4da06d3b596770a4b4cf209c1aff31a0edb640ca4ff06da043666ac5
SSDEEP

196608:7rLTwbCwo664T6ShbetvQjoDYc86euwQgMYskakSk92sP1xtNBwXbg2r8DPiMwa6:7XTCo6vOibGvao8VJoUsvk9Prt4XbjI4

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  Loader/Permament_Mac_Changer.bat
- Size
  
  1KB
- MD5
  
  707c798832f76eb383a0501b2773ec32
- SHA1
  
  3ebd0413af9929109ea0eb0045a2d26a256e771f
- SHA256
  
  940f3e68e62ad73c0668e854d821d88eacc8ea8fb8e130e42a34368ae9f5852e
- SHA512
  
  13e92ef958cfcc5686a2886b4a011f2287ec261028db0c6816d738eb715490d69ca37f8232e7bb3bebd5d49ce65bf4b9f55ae12d4af056bf569e5a1dba2f3da9
Score

1^/10
behavioral1 behavioral2
- Target
  
  Loader/Render.exe
- Size
  
  7.9MB
- MD5
  
  6fb0f4100edb81e9db8581c4424be171
- SHA1
  
  12555aad36e75f3caedea6b2b834154a0a95c880
- SHA256
  
  55ef52db75cd48a2fcd03fff69e7e8a31ebf26d4ef170d0c9e68765624278116
- SHA512
  
  dafd9bdb3b0c031645e6f7e6f684a6d4baf4a4a62efb3ff2c4537699cee188d25b46f917a247dc1e42b337574e32ddb675ce33ff41a373b995ec362b1607fda3
- SSDEEP
  
  196608:Saz4mfp7n4GEiVuEwujjhg3i1UHJt5VrJmYTz/:SaE8n4+V6u3O39H73ggz
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  Loader/applecleaner_2.exe
- Size
  
  3.6MB
- MD5
  
  f96eb2236970fb3ea97101b923af4228
- SHA1
  
  e0eed80f1054acbf5389a7b8860a4503dd3e184a
- SHA256
  
  46fe5192387d3f897a134d29c069ebf39c72094c892134d2f0e77b12b11a6172
- SHA512
  
  2fd2d28c5f571d40b43a4dd7a22d367ba42420c29627f21ca0a2052070ffb9f689d80dad638238189eed26ed19af626f47e70f1207e10007041c620dac323cc7
- SSDEEP
  
  98304:z7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6Ko:e+y4ihkl/Wo/afHPb
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  Loader/checker.exe
- Size
  
  89KB
- MD5
  
  818d090723ae48a45926a1ce0d6908d4
- SHA1
  
  e8db4f88fd48e65b600384cc1f35fbb159d0e365
- SHA256
  
  97b2611530393fda8377b0bac136c8960afea7fccba321faecb5927c3c971321
- SHA512
  
  14a97597f51ef967fc2ea453ec86719ea733a698d08e1b4a71edfcce86cc51dca0c090d68a1fe750dd699481dae82e29690119670d39c253776e7c79cf2dfb89
- SSDEEP
  
  1536:b7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfgwD:37DhdC6kzWypvaQ0FxyNTBfgm
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

evasionthemidatrojan

behavioral4

evasionthemidatrojan

behavioral5

evasionthemidatrojan

behavioral6

evasionthemidatrojan

behavioral7

behavioral8