Overview

overview

10

Static

static

7

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66be338a2b69c79988e289ea8152ac82a734af3b1b3369fc81aa6e067fbadad8

  • Size

    2.1MB

  • Sample

    240427-l29d8sgb88

  • MD5

    1e269e26ea4a5f579d636235bc1f8819

  • SHA1

    f867e3d82efdebd92ffa75bb942e93f70c80da56

  • SHA256

    66be338a2b69c79988e289ea8152ac82a734af3b1b3369fc81aa6e067fbadad8

  • SHA512

    d4d7d82e20c9ab8c5bf07ce79bad6abf2a803cf026030d085bff3abba175b91a3846c925210086e955049022cd7800bb910788c59679fecedf822cc44a191335

  • SSDEEP

    49152:v1ihe7S5MxRKpaDej+DphytQKqajLO+otS2ZU:vHS6xRKpaDKmpotHfO+ottU

Score
10/10
riseproevasionstealerthemidatrojan

Malware Config

Targets

    • Target

      66be338a2b69c79988e289ea8152ac82a734af3b1b3369fc81aa6e067fbadad8

    • Size

      2.1MB

    • MD5

      1e269e26ea4a5f579d636235bc1f8819

    • SHA1

      f867e3d82efdebd92ffa75bb942e93f70c80da56

    • SHA256

      66be338a2b69c79988e289ea8152ac82a734af3b1b3369fc81aa6e067fbadad8

    • SHA512

      d4d7d82e20c9ab8c5bf07ce79bad6abf2a803cf026030d085bff3abba175b91a3846c925210086e955049022cd7800bb910788c59679fecedf822cc44a191335

    • SSDEEP

      49152:v1ihe7S5MxRKpaDej+DphytQKqajLO+otS2ZU:vHS6xRKpaDKmpotHfO+ottU

    Score
    10/10
    riseproevasionstealerthemidatrojan

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks