Overview

overview

9

Static

static

7

Horizon-Ex...ed.exe

windows10-1703-x64

9

Resubmissions

19/03/2024, 21:13

240319-z281csfg73 9

19/03/2024, 21:11

240319-z1sxragd7t 9

19/03/2024, 21:07

240319-zypgjsff76 9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Horizon.zip

  • Size

    3.6MB

  • Sample

    240319-z1sxragd7t

  • MD5

    0e46d5b538da36159dd3e16334770043

  • SHA1

    764e570a9ea4dc4ce978dd05c454bbfb18cb8eba

  • SHA256

    9b6b37cf589a81581f3f33ddc609a6f5ff6f8b191033216507095791235a30f1

  • SHA512

    7cdbe65ddaff86937ac57750bab571c8ca428d5cb369c4b69f0a12f47572673a53cc1506f217c18629af2d861850bec0a73eb356b4715bc14b2058c7a14cdd15

  • SSDEEP

    98304:4hmiKbgbYnQr3T3XsT46OHAD6pPwW/cK3:4si/PcT46OHVPJ/cA

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      Horizon-External_protected.exe

    • Size

      3.6MB

    • MD5

      021a87c5dbc451e09bd55a9cc16898ae

    • SHA1

      1e386f77cfcd5200e66eacc9467f23d7cabc728f

    • SHA256

      e2b0d3521eaffd8f5ac35d7556f12120741ba678acbbe43ff2184d653653ca1b

    • SHA512

      d5f536c0d0ed0494c887af8b077fde0dda0c4db56bd1fb49a20051e0dfeee94ae63a7080a9a5da22fc6687cbb59705285edf3c998885881298f9f8311e09e15e

    • SSDEEP

      49152:3hJFwrKCOeDL/9FFwpa3cpna60WVstlpu72qkuuQNwKku2IelqjCHq9pVfrxfvwf:3hgOCOEzd3r60tOjKfWeMemnZRmOhh/q

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks