General

  • Target: Techsmith_Products_Hook_-_Jasi2169.rar
  • Size: 6.6MB
  • Sample: 240522-j7c7wahc86
  • MD5: 199171763bcb8aa2763d2b2413dae394
  • SHA1: 3168b51a59c1d0b1a6725186f591ee9bb017ef46
  • SHA256: d5a200c34505465d309415de2c0b78b3f7e15e0d07583412eca72e7685ab28c9
  • SHA512: b76e219b1e5fe068127451d9f3c8f9e4fd47cb0f20a95088e57c2bc232f0190c86590fa2fdf087efa0e03c14ff8c25a5e375e9bd0d135aa629ae74ddee4b0cc5
  • SSDEEP: 98304:8MEkb8R8sRn1dbyyPrhbCRLMJoExRYCGOdIdT84+zmGNEI1CjPe81Qj:8MEtR9nvnPr2Q/xCFdA4IX2281Qj

Targets

    • Target: Jasi2169 NFO Viewer.exe
    • Size: 152KB
    • MD5: 19fe0a06003b2cc9c702a50824199521
    • SHA1: 6b2005c9e4b8a9376e3ddedc276753c66485d8c1
    • SHA256: 70e3eb2cd8520261275ba73c70f003cbecd1d4b35466ec74d9678472aca72344
    • SHA512: d50ab88999e60ce75a7c34a0db4c816adf89e72f2a1583e74991dceb68205d4d1e8bbefb3c501f211190118328bdc32a68fa72815c562a906dbed94b59af4fcb
    • SSDEEP: 3072:TFcS5icufP7afBrG+OcHgFmKfs1Q0WsDL2sYnW+8ToLphLoimt8Y:RXqyB6bcHOm+s+0WsDis6XLHa8
    • Score: 7/10
    • Loads dropped DLL

      The process loads a DLL that was written to disk during the run.

    • Target: Techsmith Camtasia Hook/winmm.dll
    • Size: 3.3MB
    • MD5: 65fbcfeeeb2349543b40852a071a57af
    • SHA1: 55e725af29707b5fc2e6223eb7221a48119e22c6
    • SHA256: 47e1ca2cc1f871a61341f4db4cb825713f1526aca645f8437153c537e6b4772c
    • SHA512: 298b9b354611a835f6a818fccc5f5b5e68b423a013e45d804e595d02e9284f45136437372c8581602bc2c42c57cd71e79a308d9614cac0601e086368910aaa2f
    • SSDEEP: 49152:wyeiKWFQRV+/Lvmf1pH4oaOdHoNIY97d84+Uyxm2nAcxm1Sk+VCG/1+P8X81Q0:wRYCGOdIdT84+zmGNEI1CjPe81Q

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread is called with the ThreadHideFromDebugger information class, which hides the calling thread from an attached debugger (an anti-debugging technique).

    • Target: Techsmith Snagit Hook/version.dll
    • Size: 3.2MB
    • MD5: e32b1f323bf7a3a5c5eb0a2db0b82997
    • SHA1: e2a8ef2f9ad9a8383491c7d028c5efd6f040e39a
    • SHA256: b265f9a80ae5f265fcf008f2e8f9152023764beb02a8bd4d60573f532c25a161
    • SHA512: dcd3db19ff00ecd2b95791b115f24d63bc44694cc08002762cdb9e2f2f1324e7876e1855dbd777174a58a6e3bd14df344d4831d35382fcdb104a59a1b0804bbc
    • SSDEEP: 49152:DMfqbkbDIRKbsjW2IOmyee1db/eeWyf37vEsbkvRLcy3uDN5MGTMfHMw:DMEkb8R8sRn1dbyyPrhbCRLMJoE

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread is called with the ThreadHideFromDebugger information class, which hides the calling thread from an attached debugger (an anti-debugging technique).
