Overview

overview

9

Static

static

7

PlsNoUnpac...ks.zip

windows11-21h2-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    PlsNoUnpackThemidaSucks.zip

  • Size

    52.2MB

  • Sample

    240520-p1c67aca3w

  • MD5

    c941f692075579465bef6aeca2f479a3

  • SHA1

    60ed8c2cac04c82068833d5fd4bb469fd6ed8edb

  • SHA256

    739377de921e5aebb79319c15bf32dfc2accb540c258372e816809b548cb83d1

  • SHA512

    5948b71a606eac97c53110d999290fb3d0b0d36aae6c86589e8ce3c2a9af72906cda076ba1f5cba736e44f75c153467e68f025b4e3d85387eb244ae2c07920af

  • SSDEEP

    1572864:wUR3+YbHPMbfsVwZTx9PuPl/Fjq1ADsPUyoa+IxDeAsArSZGaW:PRugH8jx90Fq1wUNheAPaGV

Score
9/10
evasionpyinstallerthemidatrojan

Malware Config

Targets

    • Target

      PlsNoUnpackThemidaSucks.zip

    • Size

      52.2MB

    • MD5

      c941f692075579465bef6aeca2f479a3

    • SHA1

      60ed8c2cac04c82068833d5fd4bb469fd6ed8edb

    • SHA256

      739377de921e5aebb79319c15bf32dfc2accb540c258372e816809b548cb83d1

    • SHA512

      5948b71a606eac97c53110d999290fb3d0b0d36aae6c86589e8ce3c2a9af72906cda076ba1f5cba736e44f75c153467e68f025b4e3d85387eb244ae2c07920af

    • SSDEEP

      1572864:wUR3+YbHPMbfsVwZTx9PuPl/Fjq1ADsPUyoa+IxDeAsArSZGaW:PRugH8jx90Fq1wUNheAPaGV

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks