6b98df9da707ff13448111df1c10ce17fefb9b7af9c3350338d1682176702b34

General

Target

6b98df9da707ff13448111df1c10ce17fefb9b7af9c3350338d1682176702b34
Size

10.6MB
Sample

240522-jh6g5age76
MD5

45cac55fb7c890c5ffc481e10a790b25
SHA1

359a3ab3286baa2784e228e96a2274b5b34d98a9
SHA256

6b98df9da707ff13448111df1c10ce17fefb9b7af9c3350338d1682176702b34
SHA512

053be8e6938054d2f13ee57cad10f61d622c273af8738fac2cdd42281d11674093f95b54bfec7df967439d8296c58b0039f20c7680d65e15ddb0d791c82612e0
SSDEEP

196608:BLmwxMQjtlynqE6h4+ALQ0L4/5yAkl3DWkF0CiKD2rfb7C/aukf6:BLtjjtJEs5AXsBh03BFeKD2X7CSdf6

Score

9^/10

Malware Config

Targets

- Target
  
  6b98df9da707ff13448111df1c10ce17fefb9b7af9c3350338d1682176702b34
- Size
  
  10.6MB
- MD5
  
  45cac55fb7c890c5ffc481e10a790b25
- SHA1
  
  359a3ab3286baa2784e228e96a2274b5b34d98a9
- SHA256
  
  6b98df9da707ff13448111df1c10ce17fefb9b7af9c3350338d1682176702b34
- SHA512
  
  053be8e6938054d2f13ee57cad10f61d622c273af8738fac2cdd42281d11674093f95b54bfec7df967439d8296c58b0039f20c7680d65e15ddb0d791c82612e0
- SSDEEP
  
  196608:BLmwxMQjtlynqE6h4+ALQ0L4/5yAkl3DWkF0CiKD2rfb7C/aukf6:BLtjjtJEs5AXsBh03BFeKD2X7CSdf6
Score

9^/10

evasion themida trojan upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Loads dropped DLL

Themida packer

UPX packed file

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2