8bdabdece28081d7655553a71eb4bdb0f0ca72f0f15b14bdc0469a7bd45f570f | Triage

Resubmissions

12/05/2024, 09:39

240512-lm2qvadb35 9

12/05/2024, 09:38

240512-ll7wgaaa21 9

Sharing

Copy URL Twitter E-mail

General

Target

KiddionsFULL.zip
Size

16.9MB
Sample

240512-ll7wgaaa21
MD5

da545bf5661aaf0507a91cecaa7ddc81
SHA1

aa0575e7bf08b0060d130e6db47f9025c3470308
SHA256

8bdabdece28081d7655553a71eb4bdb0f0ca72f0f15b14bdc0469a7bd45f570f
SHA512

48f420b653f3f79de247de23334852b8354220420db6d3bfefec0b27716915797af787d14731ec857b334043fc868299a6159873d9faf455ca3dfc8c3ac1eeaa
SSDEEP

393216:GCgs1848MPygIlJAGtH2TI/E/12tQNrpcrnC:GPsy3CygIzAAHc/dhlcrC

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  KiddionsFULL/Controles.txt
- Size
  
  370B
- MD5
  
  0b219875a6a654a4191513e89704150d
- SHA1
  
  ccf43beb48323b8d194d95ce6e685349ce7fff9e
- SHA256
  
  f43d09507117ad66130b8fa987f26f918233ba87e3a5c37311bd3ce113984f26
- SHA512
  
  d04002172de8355f4abf081a7a6b44fe6e802a0a1d75ffe482f9a62862efe3d6957b6c27a76d3e892f308d783cb6a9046bf0d0e943dacf16d466e28b21d52634
Score

1^/10
behavioral1 behavioral2
- Target
  
  KiddionsFULL/config.json
- Size
  
  3KB
- MD5
  
  3bea77ef233e2e32636ba889ceb489e3
- SHA1
  
  6a0a6be2e24cd5497fbf0298e244234716f5419a
- SHA256
  
  a8732f591cbed2b2ab923236d22948f10cb7c4011d6a1018be2fe3c8e8fbf5f2
- SHA512
  
  c924567c6c683b90b6dd31af7e976a8222d164c99137b38149ef79d4a1222b35c8bdfef155ee071e66c38b1601f3868c22c30d477fbc5f2dcd7599cd7f4be707
Score

3^/10
behavioral3 behavioral4
- Target
  
  KiddionsFULL/modest-menu.exe
- Size
  
  16.9MB
- MD5
  
  ce03d8db32b901caba01fa8b1beefe54
- SHA1
  
  76377cea7317bd28af0ccaab276bd49360936a9d
- SHA256
  
  a568e2a4d89ab76ab9ff11b30bf320dcc4413353660678c51abc79863ff3c1c4
- SHA512
  
  40ef98ee1dd411d3f634f9fe1ccdac0bc8fa5d13b1392ac5d045bf130db6efc5ebae48298d02a732fe634af953af10c004d54c3a4d5862b7f9cd6736f6ddbfca
- SSDEEP
  
  393216:YwOMvc42XGU57JO0OTOUbHvnqdLNZHgbATTT9:Yeh2Xb1Ra4LNibATv
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  KiddionsFULL/scripts/Rank Editor.lua
- Size
  
  2KB
- MD5
  
  1dafe05e2a1ed6e3e1152c03dd80b4a0
- SHA1
  
  bdc8ca248d46eda7930d4d38b638c447312d81f5
- SHA256
  
  42edc99e023b5c29906f74444c05f35f998961aa6d86b0e6f4fd6762f2a23442
- SHA512
  
  42023e55cbec593ec0e0df27939b6fedba26eeaeca7cb657e4d7db63467a881ed8b01f4dad24f6470198120121f174378f42a9bc4dc48b0445d2d16c2a2ce340
Score

3^/10
behavioral7 behavioral8
- Target
  
  KiddionsFULL/scripts/Readme.api
- Size
  
  24KB
- MD5
  
  36754844e4b9d76b810066b529af0e5b
- SHA1
  
  da8c4031d42ae41a796b409d525883b71c23bd0f
- SHA256
  
  668a8e8430485417796ea563eb97fd366fdaa2f7fc6769bf5a18626f19aef1f6
- SHA512
  
  5e0eba72a25c4d8f9727bf4ec2f3ae7dacd71b34df710bb7daf41c5f3dc6ca08473de783580d0b2982831f93394dcac485c9980f46af6973af96aeb03e9de659
- SSDEEP
  
  192:qNzc4v05Feq0hHBjBCpGjem0uezAsNpGlbWXxX5IS+wwSgU0FXxZujFS+JraytK2:h5ChWGjemBZWXxX5MO0FrujPJreOi4
Score

3^/10
behavioral10 behavioral9
- Target
  
  KiddionsFULL/scripts/demo.lua
- Size
  
  429B
- MD5
  
  a0cdff1f4eaf5af121513b9885295341
- SHA1
  
  e40fc44c5b82a8c02e7248c8b104c0f8abdc4f97
- SHA256
  
  f2b354df9b4d661f6227132c39937b8f706626886cdcf65540ebc5b78f55f6ea
- SHA512
  
  1bf19f211a11c6b88ca9583ff20c1c8ed3e14f8f7ff68622a37c5c151ef2473e41bfd2b503bcc99f6e6e3f79b6845678cecfd3e23406353f35883fbf9b2beecd
Score

3^/10
behavioral11 behavioral12
- Target
  
  KiddionsFULL/scripts/menu.lua
- Size
  
  1KB
- MD5
  
  9596bef3ecd38e99364eb58e56cd49be
- SHA1
  
  676b733db5bb30bdb7824024a1c2fc045a27b4f1
- SHA256
  
  4a7d7886622501f6b6728a0e9860fe81a1c90fd0e5f2fbe7ff94524e05e0b6b8
- SHA512
  
  f2d1b11964181b3017f12f381bc241688f18efb3901acd6697ce0ba462693ac947e1d576d88de08b8e8798680cc4e640c5ec1aa4b2a0f4ad6739904f48ce7665
Score

3^/10
behavioral13 behavioral14
- Target
  
  KiddionsFULL/scripts/sirius.lua.example
- Size
  
  468B
- MD5
  
  1fdd7bce4f24c51ec8267d7fe65b265e
- SHA1
  
  4f247776830fb30cf816f227f13d3645b8d3aa6d
- SHA256
  
  d331a1344d7354019fdeb564a21f95f85f26458f91aa93d7af58affa9728cb1d
- SHA512
  
  4bf9c85600dcab2ff532ef5f459c270d3197ea5a9d46677b4f7f1e0d2e3b3454bc5ba1f64bcb732448cbe37a71a2112511f46166ec4ba0f3db1ca14d4f685bb4
Score

3^/10
behavioral15 behavioral16
- Target
  
  KiddionsFULL/scripts/vehicle.lua
- Size
  
  306B
- MD5
  
  1eceb52600b875b85a169687fb62ed1e
- SHA1
  
  2d13ed39f1d757af9a5d07790065cc8c00c4984b
- SHA256
  
  0cddccf554633f15fbc453cd0080469c3806d7bd13824f68e3a1ee0cfb2da20b
- SHA512
  
  23baa825d5c3dfb66d1582ce6332bee8272f345742ba50977c0622c7be4fb6b9b921b473a424a2453df3cbc0ff0b473cf7897955fe09a4fd7a10d0df2ef2188b
Score

3^/10
behavioral17 behavioral18
- Target
  
  KiddionsFULL/scripts/weapon.lua
- Size
  
  277B
- MD5
  
  402a9279c76afb2c5977cf97d270c3d1
- SHA1
  
  4cd6474f3cbf9c3ca26277d5691460e8744aae59
- SHA256
  
  20d2e8d52504c96dcb846b08da138418048ed3b58128b05ddf1bde09694c5c14
- SHA512
  
  7357aff15e11de58da79a4eaa603c5ad7fb16ec426e71358e87dd14862d19c44b80896c0e66766479978bb0ba88704457b5356f9f86f6f4af41a39c52ffa45db
Score

3^/10
behavioral19 behavioral20
- Target
  
  KiddionsFULL/themes.json
- Size
  
  2KB
- MD5
  
  ecc97a512f2bee4c4344a7a4126b5a5b
- SHA1
  
  73cd4d3e586b17d307decebd1ba8bea105977e29
- SHA256
  
  b5eeb2b5d8656f0399220039f15e50c2566bf13124681f67c65f8b042d8fdc4c
- SHA512
  
  4d411ea0b3c67f2b38034fc9c1491dca070801e6521cc7cd8cdf91e2343a7caa7861313445e3d53cbe8dc8f64a0ce8169b191a054536c186dc2d1dcfba25bd18
Score

3^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

evasionthemidatrojan

behavioral6

evasionthemidatrojan

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22