d001c2b60e136d3805c2d86802158d3219d4f3952436e19191690d88fb39f638 | Triage

Sharing

General

Target

CatalystInDev_0.1.zip
Size

14.4MB
Sample

240522-ndcrgacg7y
MD5

6b112c76ce355029b96e313a95a24d68
SHA1

97a99cce899342920f27b7eb05aab4f119ae25e9
SHA256

d001c2b60e136d3805c2d86802158d3219d4f3952436e19191690d88fb39f638
SHA512

4071a0f923bf1283f4e694e7aacdd69f6fa075c6904dc2ccef0c31977f694468ed0beea024d3d14d4c1b5779141ac2a88727c837ad1370cb395d0f5eff2081af
SSDEEP

393216:FcHMYhQGzlG/EEH9hJlumOheRb5fY58Zi/SJiI:FckGzlMEEH9XlureVm5GikH

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  Catalyst.exe
- Size
  
  14.0MB
- MD5
  
  b765109a6a7d339473b61ab9a759aa0e
- SHA1
  
  ade52ded8366094eee9d2a5827bfe45b3b7a977b
- SHA256
  
  b5e63f3bbfc75de4da25277b7a9fa0b650e8e2bc72c2af0087bd09698a9d098d
- SHA512
  
  ff813e628761d8ac3ee433fcf40dfaac26dd25ae7ac5ce1680c851e4dc9c69398590007043e2eebe5da0e407c917320cea46782bed072ed72f7d3826f868292d
- SSDEEP
  
  393216:aamtGGrfI/5ONXPeDELqPV7gvjZmqyrdUzeP:3GrfqINX5Lqpgr8qyOzeP
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  fpsunlocker.exe
- Size
  
  512KB
- MD5
  
  4cd4118cdbfde48fa9a9f4f5b7bdfe53
- SHA1
  
  3f01a63b5e44cb5569f1840717cb345a4a241a60
- SHA256
  
  6c44b172775bb6006074a01384470f30fae2e1637de77e36e86064e2038528c3
- SHA512
  
  bbb5cf55ed84fe6abc4734c485a9aea6f5ef1b5f9990207ecb730aecbd6d2cf16a8fefd4c35691516478dfc422dc374970cfa6e5556dda0ca924f7d8c53559ae
- SSDEEP
  
  12288:SKOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:SKyacgDD+4fwG1NaTSw
Score

1^/10
behavioral3 behavioral4
- Target
  
  pssuspend.exe
- Size
  
  383KB
- MD5
  
  1b9f1a75593dfc670fa7c54659ab5796
- SHA1
  
  c9f0c40e012f8cfe20b1e5cd6a9a7b078e89a00b
- SHA256
  
  95a922e178075fb771066db4ab1bd70c7016f794709d514ab1c7f11500f016cd
- SHA512
  
  ab7b26ce5487af2a337cabfa16908ddf72bf1f6942675760e7decee874dd0f72fd47aa42bc442fe11f71fab03106c75db0234199974c7de84d1ed3f12a9b4788
- SSDEEP
  
  6144:V/M1xPjrG1x+YgoglDni32wAO5GeLCfCsip9631L5qMbYd:W3PG1x+1+pBLCfCjGNqGY
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

behavioral4

behavioral5

behavioral6