Overview

overview

9

Static

static

7

unis.exe

windows10-2004-x64

9

Resubmissions

22-05-2024 13:33

240522-qty1radc55 9

22-05-2024 12:42

240522-pxr6yabg29 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    unis.exe

  • Size

    82.3MB

  • Sample

    240522-qty1radc55

  • MD5

    d62574eca10f83314dc3d40d24df4e31

  • SHA1

    5b1bf403c59ac3982658580544b2266d78745d7b

  • SHA256

    4fa95df10e94a285696134171c3a79ec631e6dd9aefaf937fa5b3e93088419f0

  • SHA512

    0308e2eca3fc10e170969168943e9471390d8f9330614c5e0c92e0f3049b70e26beaa6219bfef114cce5ea72cf6b7e66adc77a7270406cd3743fd36a788a5671

  • SSDEEP

    1572864:qFXGPbLSCU/+6t2+HLc0Unhtmb2qHWB75iKC5K28hlkB4/EuUG+eoAWEZXwsSsBh:u2SC++9oxkmb2qHO5iK528/kBoVxbfZ5

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      unis.exe

    • Size

      82.3MB

    • MD5

      d62574eca10f83314dc3d40d24df4e31

    • SHA1

      5b1bf403c59ac3982658580544b2266d78745d7b

    • SHA256

      4fa95df10e94a285696134171c3a79ec631e6dd9aefaf937fa5b3e93088419f0

    • SHA512

      0308e2eca3fc10e170969168943e9471390d8f9330614c5e0c92e0f3049b70e26beaa6219bfef114cce5ea72cf6b7e66adc77a7270406cd3743fd36a788a5671

    • SSDEEP

      1572864:qFXGPbLSCU/+6t2+HLc0Unhtmb2qHWB75iKC5K28hlkB4/EuUG+eoAWEZXwsSsBh:u2SC++9oxkmb2qHO5iK528/kBoVxbfZ5

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks