9a0db4898e6d87a8b484c695227dcf33a9dd099ef4f73740524476c182dd2f9e | Triage

Submit
Reports

Overview

overview

9

Static

static

7

hanzowoofe...er.exe

windows10-2004-x64

9

Resubmissions

25-04-2024 08:31

240425-kevrwshb37 9

Sharing

General

Target

hanzowoofercracked.zip
Size

31.0MB
Sample

240425-kevrwshb37
MD5

d40d05d3b23249f4ceee115f864b5ab9
SHA1

6a74557489e86af9a47ba44932fd3ccb366ab0c5
SHA256

9a0db4898e6d87a8b484c695227dcf33a9dd099ef4f73740524476c182dd2f9e
SHA512

ff80a59f6108bf7b7710cff439fcbf2231ce0101217d27fdf8105d43781da4409a30b939fa764ffd09983e2b27eac7f838fff6d6ca673b5b84aecc2318d897f6
SSDEEP

786432:rVytLBdFNfkdFpNCWwlInHkhK+2bjEZNokgBEPVv:pytnXkdFpbPktAo4BM5

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

hanzowoofercracked/hanzowoofercracked/hanzopermspoofer.exe

Resource

win10v2004-20240412-en

evasion themida trojan

windows10-2004-x64

14 signatures

300 seconds

Malware Config

Targets

- Target
  
  hanzowoofercracked/hanzowoofercracked/hanzopermspoofer.exe
- Size
  
  31.0MB
- MD5
  
  3efc3953bf361a6921855261d7db3ebc
- SHA1
  
  5800977eef27d3334b317857d888aa390095f4c4
- SHA256
  
  283a8086913fe4355ff9b17d5a0037563f078b09eb4b3b50952a9192a2e974ff
- SHA512
  
  9152865d4b7bf257675a314b3a6ca9101ba2f3d9b61140b0cb9fa5364a3f436e4e4365f8232bbc86189981d6f540bab3e1501cb0092b3879e58b85e7bccc00b9
- SSDEEP
  
  786432:4VytLBdFNfkdFpNCWwlInHkhK+2bjEZNokgBEPVj:OytnXkdFpbPktAo4BM5
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Virtualization/Sandbox Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionthemidatrojan

© 2018-2024

Terms | Privacy