eae46c15fad3b0623ed1c72949a4ae430f4efe1f22f935dda6f17fe746918595 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

update.exe

windows11-21h2-x64

9

Resubmissions

11-03-2024 18:13

240311-wt6ngsac7w 9

11-03-2024 18:06

240311-wp2tqsab5z 9

Sharing

General

Target

update.exe
Size

9.6MB
Sample

240311-wp2tqsab5z
MD5

3b85c21e398ff87a3106a6d95dcfe422
SHA1

2984f55bcd09779f268cd1f3fc678d9b754170ba
SHA256

eae46c15fad3b0623ed1c72949a4ae430f4efe1f22f935dda6f17fe746918595
SHA512

60252f20cfe61bee1d622dcc7c99e53dab5ff7d9a9e00351b41cdd9b11dd4d0fc7dffc2eb0cdaeec7d4696d83e31ba273da089a79a0496a9be293ed978fe091f
SSDEEP

196608:23MHgPbf5cxqMYkdIMhr3IOJQ2/csUHXiDxyklIAjbvVrP8eYfUV:4ltSqMYHMhr3hnwHyDgklIAvVAhUV

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

update.exe

Resource

win11-20240214-en

evasion themida trojan

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  update.exe
- Size
  
  9.6MB
- MD5
  
  3b85c21e398ff87a3106a6d95dcfe422
- SHA1
  
  2984f55bcd09779f268cd1f3fc678d9b754170ba
- SHA256
  
  eae46c15fad3b0623ed1c72949a4ae430f4efe1f22f935dda6f17fe746918595
- SHA512
  
  60252f20cfe61bee1d622dcc7c99e53dab5ff7d9a9e00351b41cdd9b11dd4d0fc7dffc2eb0cdaeec7d4696d83e31ba273da089a79a0496a9be293ed978fe091f
- SSDEEP
  
  196608:23MHgPbf5cxqMYkdIMhr3IOJQ2/csUHXiDxyklIAjbvVrP8eYfUV:4ltSqMYHMhr3hnwHyDgklIAvVAhUV
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

© 2018-2024

Terms | Privacy