22c4e0b818427a4dd34c3f9718c36a8da6062b69eb693446d143370ac95cbf8d | Triage

Submit
Reports

Overview

overview

9

Static

static

7

crack.exe

windows7-x64

9

crack.exe

windows10-2004-x64

9

vanityaio.exe

windows7-x64

9

vanityaio.exe

windows10-2004-x64

9

Resubmissions

20/05/2024, 17:11

240520-vqak7saa65 9

20/05/2024, 17:02

240520-vj468sae9x 9

Sharing

Copy URL Twitter E-mail

General

Target

vanityaio.zip
Size

9.8MB
Sample

240520-vj468sae9x
MD5

2b2e0d8ac5def470bec33da7faa55e33
SHA1

34cef2268860677066391845d670d2416bda704f
SHA256

22c4e0b818427a4dd34c3f9718c36a8da6062b69eb693446d143370ac95cbf8d
SHA512

cc019f0b30005d426fbe259ad05f8e01c72c09c0922829ee2d96eaded39c1e7a71b657d093aaf879105b90666e0b862e062334d0898e71ecd1be08ba3cde6e5f
SSDEEP

196608:kRY55VKGy3Q+v6vUzOfSVK+aEEcMmmr83Kimjz5Hw1e74EwA6t4Lgt:k47Ki+1zOfSjZmC1C7Ngt

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

crack.exe

Resource

win7-20240221-en

evasion themida

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

crack.exe

Resource

win10v2004-20240508-en

evasion themida

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

vanityaio.exe

Resource

win7-20240221-en

evasion themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

vanityaio.exe

Resource

win10v2004-20240508-en

evasion themida trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  crack.exe
- Size
  
  3.4MB
- MD5
  
  397ef5fd97134cb5d686a89eeab05eed
- SHA1
  
  61503ac7ab392acffba436a38b91f92b97407d8f
- SHA256
  
  9d0f3afd556a1f3a24cb22613357dcd04e7ac08d4e5eb22060106a932dacdce9
- SHA512
  
  a1f7560e4160eb62f23c6871314d3cdeb9db05e8653a9d05e5ce6f342ff9fb7f11316e9f0040196394a1725bcbc1e5010bc7a8763a5896a035da545be6aed6a2
- SSDEEP
  
  49152:Z6D0LjBn8/PkyiZYq6cVERznwOnqswS/KtJ78JEmm8PKXnPrADkMT39:7/VeJwYUQXqpAVmmm8PwnoT39
Score

9^/10

evasion themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  vanityaio.exe
- Size
  
  8.1MB
- MD5
  
  81966c43ceea7c02fda05ee98669b6e2
- SHA1
  
  a50256a83d6178a6465841fc0927d8659c0042b5
- SHA256
  
  5b942d3b1600c17aa7ba4cfcddb9b956cdc66cbea10543df4dc3b844dd463831
- SHA512
  
  29910374eb6a298780500a2941750a40b07826c87683ce421fcbc45cd2d6d88afcd90f1a965ce02ef7e4306d0fdbb948f23abb3ed4e433d68739fa8c05c46dda
- SSDEEP
  
  196608:2HnHM7KtgZm/uQ7mDZW+hHrku+jcheCfkGnx:2Hs7KtgH1+c
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

evasionthemidatrojan

behavioral4

evasionthemidatrojan

© 2018-2025

Terms | Privacy