88417151070ccd5906c410061a2d27faf14473607c11eecc58fa56e60f3caf4b | Triage

Submit
Reports

Overview

overview

Static

static

3

loxvanity.exe

windows10-2004-x64

Sharing

General

Target

loxvanity.exe
Size

7.5MB
Sample

240416-bww7lsfg7v
MD5

ae18d7298dbd5a2f9a1205155f9c03b6
SHA1

baf3d83ad8a391d36d0a0fdf3a0a510afa4ccc59
SHA256

88417151070ccd5906c410061a2d27faf14473607c11eecc58fa56e60f3caf4b
SHA512

a3988d5d1b8102bc1f074f6c4e1ada4db7bcf673fe81734b82b710c822698f55df5a4a6aaf3734f64cb6282b22eeb9a5eefce390bc1304cbcdff7ec0dbf0e2ef
SSDEEP

196608:Rdg6G0KaH2EGMII+QvlRXgh9OADa8k2mv899:1WEfIIDvlCiUCd899

Score

10^/10

agilenet evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

loxvanity.exe

Resource

win10v2004-20240412-en

agilenet evasion themida trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  loxvanity.exe
- Size
  
  7.5MB
- MD5
  
  ae18d7298dbd5a2f9a1205155f9c03b6
- SHA1
  
  baf3d83ad8a391d36d0a0fdf3a0a510afa4ccc59
- SHA256
  
  88417151070ccd5906c410061a2d27faf14473607c11eecc58fa56e60f3caf4b
- SHA512
  
  a3988d5d1b8102bc1f074f6c4e1ada4db7bcf673fe81734b82b710c822698f55df5a4a6aaf3734f64cb6282b22eeb9a5eefce390bc1304cbcdff7ec0dbf0e2ef
- SSDEEP
  
  196608:Rdg6G0KaH2EGMII+QvlRXgh9OADa8k2mv899:1WEfIIDvlCiUCd899
Score

10^/10

agilenet evasion themida trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- UAC bypass
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agilenetevasionthemidatrojan

© 2018-2024

Terms | Privacy