General

  • Target

    8a2665257c8ea3e462fd414d01e708dbd6431d55209b2124946c492a070a14a5

  • Size

    3.0MB

  • Sample

    240502-gqnwyaag7w

  • MD5

    cbc0e7c20664c06e20a8ecaae16c85eb

  • SHA1

    7e64a8f6bf9097fbb904d7e91add0fe7e43e9093

  • SHA256

    8a2665257c8ea3e462fd414d01e708dbd6431d55209b2124946c492a070a14a5

  • SHA512

    144e615f812c8cad74f42b5f13e9fc7a89d70a735cca950e470616cd762f94cd459127f4fec27b5b1ba27c4469112c16b5afa72343a24096b619af701ebeede0

  • SSDEEP

    98304:XAkGEg9Sp/XRKt4xQFzSYYwZE9lUXxpkIigx:XDJR6FzSFw29ixe5gx

Score
10/10

Malware Config

Targets

    • Target

      8a2665257c8ea3e462fd414d01e708dbd6431d55209b2124946c492a070a14a5
    Score
    10/10
    • Detects DLL dropped by Raspberry Robin.

      Raspberry Robin.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks