c83921c8dda800ef24ebe873ec175617110dc9deb2629d1107f219ca30caece3 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

applecleaner.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

applecleaner.exe
Size

3.3MB
Sample

240315-yvjw8aab4t
MD5

ba268b881bccd2784fe98289eec8ad72
SHA1

0c4e7f1473fb7ab22427480c3d784b6e0e404956
SHA256

c83921c8dda800ef24ebe873ec175617110dc9deb2629d1107f219ca30caece3
SHA512

30c836bb91ef96f5952571bba27d08c32011e619890fae392f882e5c7db7558ed26e6aa1fbdc2ce7d22c0a6aebc580e17ae807de70d99945cb2b438bd8cbbb3b
SSDEEP

49152:98jzvhuGMsOTenal2tV594MzhJD3TMgwQiPRxksa2EQUFO0JIbn6/ubWYY725hXQ:9QFXlbnal2XDhZRwRVsE0JDoWYJPXLk

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

applecleaner.exe

Resource

win10v2004-20240226-de

evasion themida trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  applecleaner.exe
- Size
  
  3.3MB
- MD5
  
  ba268b881bccd2784fe98289eec8ad72
- SHA1
  
  0c4e7f1473fb7ab22427480c3d784b6e0e404956
- SHA256
  
  c83921c8dda800ef24ebe873ec175617110dc9deb2629d1107f219ca30caece3
- SHA512
  
  30c836bb91ef96f5952571bba27d08c32011e619890fae392f882e5c7db7558ed26e6aa1fbdc2ce7d22c0a6aebc580e17ae807de70d99945cb2b438bd8cbbb3b
- SSDEEP
  
  49152:98jzvhuGMsOTenal2tV594MzhJD3TMgwQiPRxksa2EQUFO0JIbn6/ubWYY725hXQ:9QFXlbnal2XDhZRwRVsE0JDoWYJPXLk
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Modifies Windows Firewall
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

© 2018-2025

Terms | Privacy