General
Target: Thorium_SSE3_123.0.6312.133.zip
Size: 257.1MB
Sample: 240425-za4assed42
MD5: 9ea8abfc92f30a3f75d6494f5798277e
SHA1: 217830880c52b95cf0f8d36f4c0edc0ce4712513
SHA256: 90498c885f4ec21badd948cb84f81a846bf853de58551248df94c9dd9b074fd8
SHA512: b929408e983044791caedc36177e4de4d49bae640f62f6c7e2d45e8b12b5ecbda8c437d51d26fb34c94af54a946e1302207ca0c2b8a02a3d657ba70f43c49e47
SSDEEP: 6291456:zjySOrZxK4R3rNiEnTn2kLWgr5kN6k1104yDD80qE5pCEa1Ln3i7:zMjb5f2Wfr5kN6g10LE0qE+Ea1u7
Static task: static1
Behavioral task: behavioral1
Sample: Thorium_SSE3_123.0.6312.133.zip
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: Thorium_SSE3_123.0.6312.133.zip (size and hashes identical to the General section above)
Score: 10/10
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess
- Modifies boot configuration data using bcdedit
- Blocklisted process makes network request
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Deletes itself
- Executes dropped EXE
- Modifies file permissions
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  File and Directory Permissions Modification (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (4)