455f521559d39f72b162cb5e68e301b8427113e073d2ccbfa956ca20742ab956 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

Dream by Vroom.rar

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

Dream by Vroom.rar
Size

36.5MB
Sample

240424-1tstvaac91
MD5

3ede86ac03b7044251133610ff8a3181
SHA1

6fdfe86aaf67ecfc55cd220e682eede7415ed323
SHA256

455f521559d39f72b162cb5e68e301b8427113e073d2ccbfa956ca20742ab956
SHA512

5730247feb3c63c182136198dcf80be46ae0537cb1b2fd9bb95f720e98e30898ebcfb9b49d96989cf5e2a0951529f3a5d5e4d765f145124e927cd4f5788befa8
SSDEEP

786432:FHF/z/Er7oy4PeO8uRzRUxLltOSOb2xHF/z/Er7oy4PeO8uRzRUxLltOSObA1T2G:lxsIy4PeNuRzsLlpObwxsIy4PeNuRzsR

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Dream by Vroom.rar

Resource

win10v2004-20240412-en

evasion themida trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Dream by Vroom.rar
- Size
  
  36.5MB
- MD5
  
  3ede86ac03b7044251133610ff8a3181
- SHA1
  
  6fdfe86aaf67ecfc55cd220e682eede7415ed323
- SHA256
  
  455f521559d39f72b162cb5e68e301b8427113e073d2ccbfa956ca20742ab956
- SHA512
  
  5730247feb3c63c182136198dcf80be46ae0537cb1b2fd9bb95f720e98e30898ebcfb9b49d96989cf5e2a0951529f3a5d5e4d765f145124e927cd4f5788befa8
- SSDEEP
  
  786432:FHF/z/Er7oy4PeO8uRzRUxLltOSOb2xHF/z/Er7oy4PeO8uRzRUxLltOSObA1T2G:lxsIy4PeNuRzsLlpObwxsIy4PeNuRzsR
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

© 2018-2025

Terms | Privacy