8f9a5e9697b233ba78fd404d6d49479ae4f56d554da3df9a6f4caaa89907d290 | Triage

Submit
Reports

Overview

overview

Static

static

8f9a5e9697...90.exe

windows7-x64

8f9a5e9697...90.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8f9a5e9697b233ba78fd404d6d49479ae4f56d554da3df9a6f4caaa89907d290
Size

2.6MB
Sample

240425-aq84jscb75
MD5

067c7134aed0a7c2e19d36073ce306cc
SHA1

7831e3707b625ca345fe2c1f24661a2ad0358a18
SHA256

8f9a5e9697b233ba78fd404d6d49479ae4f56d554da3df9a6f4caaa89907d290
SHA512

a234db97afd56d5dc9a6f41ffe2ff19ddfb34dcdfd5caf44afe0ae5fc98bf89cc6a15052715d9d3497a9a1eefe6614b8c242535c72025c80d2b61b9b0feb1bdd
SSDEEP

49152:fXzhpDtKSK1cb8PGK+Tfuqmpc3elWo8GnQAsYZEVg:fXzhW148Pd+Tf1mpcOldJQ3/Vg

Score

10^/10

evasion persistence themida trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8f9a5e9697b233ba78fd404d6d49479ae4f56d554da3df9a6f4caaa89907d290.exe

Resource

win7-20240221-en

evasion persistence themida trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f9a5e9697b233ba78fd404d6d49479ae4f56d554da3df9a6f4caaa89907d290.exe

Resource

win10v2004-20240412-en

evasion persistence themida trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f9a5e9697b233ba78fd404d6d49479ae4f56d554da3df9a6f4caaa89907d290
- Size
  
  2.6MB
- MD5
  
  067c7134aed0a7c2e19d36073ce306cc
- SHA1
  
  7831e3707b625ca345fe2c1f24661a2ad0358a18
- SHA256
  
  8f9a5e9697b233ba78fd404d6d49479ae4f56d554da3df9a6f4caaa89907d290
- SHA512
  
  a234db97afd56d5dc9a6f41ffe2ff19ddfb34dcdfd5caf44afe0ae5fc98bf89cc6a15052715d9d3497a9a1eefe6614b8c242535c72025c80d2b61b9b0feb1bdd
- SSDEEP
  
  49152:fXzhpDtKSK1cb8PGK+Tfuqmpc3elWo8GnQAsYZEVg:fXzhW148Pd+Tf1mpcOldJQ3/Vg
Score

10^/10

evasion persistence themida trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detects executables packed with Themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencethemidatrojan

behavioral2

evasionpersistencethemidatrojan

© 2018-2025

Terms | Privacy