80239e405eb3e2682ec403d2950cce4967dfe3fc8d99e5cbb54319ad4b7e4796 | Triage

Submit
Reports

Overview

overview

Static

static

7

setup.exe

windows7-x64

setup.exe

windows10-2004-x64

Sharing

General

Target

AppGate8.7z
Size

5.2MB
Sample

240522-masg3sbf5v
MD5

a7cb69e2eccedfc761fea497fee23817
SHA1

596f39448ba0e41da3dbbf4ea0cd9235d36f679f
SHA256

80239e405eb3e2682ec403d2950cce4967dfe3fc8d99e5cbb54319ad4b7e4796
SHA512

2c7d6cb015dc7c565b501e8860140f68039362fb008e1e83cadc4625b95d0beee204a931f118cbb262eee6a937ada00dc47d2b6f56203dd65a07c0989584dd60
SSDEEP

98304:ksPDPZWiyj991AU+LOKvI5kGpRfEysw/D8mwl3mZKFU+IX1Aezl1g:ks0iyZPISjWCl/D5uCXPlG

Score

10^/10

evasion spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

setup.exe

Resource

win7-20240508-en

evasion spyware stealer themida trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

setup.exe

Resource

win10v2004-20240508-en

evasion themida trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  714.0MB
- MD5
  
  383b1ce635fbd7f36f07170e0e797230
- SHA1
  
  71e9b983731a7d7b2aba27630c697abddbd178f8
- SHA256
  
  4dbeeb2abcdd9bec7eeb7e8e3ad7b3592de6c5c176028156659c423ad9c29d39
- SHA512
  
  822a66e4fd65addcecce5b2c90cf682fc77cd19240c4f37b0235ec3d827699862c23a6ccfe547e6a48ffb87cfefe9cfdba360981dab8b396ddce679e83555657
- SSDEEP
  
  98304:iG6NKVNNu5qMju5yAID3tReesIeYVQj/Ay6giF6blZHlxrwepH:ilFqMiQ3dZyoy6MdH
Score

10^/10

evasion spyware stealer themida trojan
- Modifies firewall policy service
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionspywarestealerthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2024

Terms | Privacy