General

  • Target

    17d359336bdd68246d4041036c5ab62f85f1a15cdad53095e3fe0203449752f0

  • Size

    8.9MB

  • Sample

    240522-ptasgsbg7s

  • MD5

    11960e3e037341c6a3853c5654ba1b18

  • SHA1

    59e1bbe18ab48d8536abaf4ec44cd46321bc4c4f

  • SHA256

    17d359336bdd68246d4041036c5ab62f85f1a15cdad53095e3fe0203449752f0

  • SHA512

    8fb6872a74e24f79a66081bdf3b7220c571d65dfc70a32237ec71490e6138cd7e096c09d0945686da7c4417a8ae24af81bfc1a5294ea79094db0b838e296699a

  • SSDEEP

    196608:5LDeQYhr1uJ9jSOBIt0IrT+tk5sLU+hTKNMI9:hKmJJSQICIrT+tk56hTKNp9

Malware Config

Targets

    • Target

      17d359336bdd68246d4041036c5ab62f85f1a15cdad53095e3fe0203449752f0

    • Size

      8.9MB

    • MD5

      11960e3e037341c6a3853c5654ba1b18

    • SHA1

      59e1bbe18ab48d8536abaf4ec44cd46321bc4c4f

    • SHA256

      17d359336bdd68246d4041036c5ab62f85f1a15cdad53095e3fe0203449752f0

    • SHA512

      8fb6872a74e24f79a66081bdf3b7220c571d65dfc70a32237ec71490e6138cd7e096c09d0945686da7c4417a8ae24af81bfc1a5294ea79094db0b838e296699a

    • SSDEEP

      196608:5LDeQYhr1uJ9jSOBIt0IrT+tk5sLU+hTKNMI9:hKmJJSQICIrT+tk56hTKNp9

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer/protector.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
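The signatures above are the sandbox's labels for observed behaviour; the report does not show the rules behind them. As an added illustration (not the sandbox's own rule set and not code from this sample), the script below re-implements a handful of them over a constructed API/registry event log: the VirtualBox ACPI keys (HARDWARE\ACPI\DSDT|FADT|RSDT\VBOX__), the BIOS strings under HARDWARE\DESCRIPTION\System, a Run-key write, an EnableLUA read, a netsh firewall change, and NtSetInformationThread with ThreadHideFromDebugger (class 0x11). The event dictionary format, the field names and the sample events are assumptions; the registry paths and the 0x11 constant are well-known values.

```python
"""Toy behavioural-signature matcher, run over constructed sandbox events.

Added example: not the sandbox's rule set and not code from the analysed
sample. The event shape (dicts with 'api', 'key', 'value', ...) is assumed.
"""
import re

# ThreadHideFromDebugger information class for NtSetInformationThread.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed events, shaped the way a sandbox might log API calls (assumed format).
SAMPLE_EVENTS = [
    {"api": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "SystemBiosVersion"},
    {"api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"api": "NtSetInformationThread", "thread_information_class": 0x11},
    {"api": "RegQueryValueExW",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "EnableLUA"},
    {"api": "CreateProcessW",
     "command_line": 'netsh advfirewall firewall add rule name="svc" dir=in '
                     'action=allow program="C:\\Users\\user\\AppData\\Roaming\\svc.exe"'},
    {"api": "RegOpenKeyExW", "key": r"HKCU\Software\Example"},  # benign, no rule fires
]

VBOX_ACPI = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_VALUES = {"SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate"}
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
NETSH_FIREWALL = re.compile(r"\bnetsh\b.*\b(advfirewall|firewall)\b", re.I)


def _key(ev):
    return ev.get("key", "").lower()


# (signature name as it appears in the report, predicate over one event)
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     lambda ev: ev["api"].startswith("Reg") and bool(VBOX_ACPI.search(ev.get("key", "")))),
    ("Checks BIOS information in registry",
     lambda ev: _key(ev) == r"hklm\hardware\description\system"
     and ev.get("value", "") in BIOS_VALUES),
    ("Adds Run key to start application",
     lambda ev: ev["api"] == "RegSetValueExW" and _key(ev).endswith(RUN_KEY_SUFFIX)),
    ("Checks whether UAC is enabled",
     lambda ev: ev.get("value", "") == "EnableLUA" and _key(ev).endswith(r"\policies\system")),
    ("Modifies Windows Firewall",
     lambda ev: ev["api"] == "CreateProcessW"
     and bool(NETSH_FIREWALL.search(ev.get("command_line", "")))),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     lambda ev: ev["api"] == "NtSetInformationThread"
     and ev.get("thread_information_class") == THREAD_HIDE_FROM_DEBUGGER),
]


def match_signatures(events):
    """Return {signature name: [matching events]} for every rule that fired."""
    hits = {}
    for ev in events:
        for name, predicate in RULES:
            if predicate(ev):
                hits.setdefault(name, []).append(ev)
    return hits


if __name__ == "__main__":
    for name, evs in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

Each rule keys on the artefact a practitioner would look for when triaging the corresponding line of the report; a real sandbox would also correlate process context and ordering, which this single-event matcher deliberately ignores.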

MITRE ATT&CK Enterprise v15

Tasks