Overview

overview

10

Static

static

10

2b3aa9f8d9...84.exe

windows7-x64

4

2b3aa9f8d9...84.exe

windows10-2004-x64

4

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DRCom.dll

windows7-x64

9

DRCom.dll

windows10-2004-x64

9

Qt5Core.dll

windows7-x64

1

Qt5Core.dll

windows10-2004-x64

3

Qt5Gui.dll

windows7-x64

1

Qt5Gui.dll

windows10-2004-x64

1

Qt5Network.dll

windows7-x64

3

Qt5Network.dll

windows10-2004-x64

3

Qt5PrintSupport.dll

windows7-x64

3

Qt5PrintSupport.dll

windows10-2004-x64

3

Qt5Svg.dll

windows7-x64

3

Qt5Svg.dll

windows10-2004-x64

3

Qt5WebKit.dll

windows7-x64

3

Qt5WebKit.dll

windows10-2004-x64

3

Qt5WebKitWidgets.dll

windows7-x64

3

Qt5WebKitWidgets.dll

windows10-2004-x64

3

Qt5Widgets.dll

windows7-x64

3

Qt5Widgets.dll

windows10-2004-x64

3

Qt5WinExtras.dll

windows7-x64

3

Qt5WinExtras.dll

windows10-2004-x64

3

Qt5Xml.dll

windows7-x64

3

Qt5Xml.dll

windows10-2004-x64

3

iconengine...on.dll

windows7-x64

1

iconengine...on.dll

windows10-2004-x64

1

icudt57.dll

windows7-x64

1

icudt57.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584.exe

  • Size

    43.1MB

  • Sample

    240523-bmqcpsgb31

  • MD5

    c75b5515952ea615219e1991c4592236

  • SHA1

    2ade0a6c621b36f727e461059c3cdf2126d4bfca

  • SHA256

    2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584

  • SHA512

    65686328dc3ccec012871be9a1dcdc0aee0b0337ddf2ceeb689c4427a7a626091153a296a24ff4108dcca4e6247c2505e9375057172c56584f75dc82de4acb61

  • SSDEEP

    786432:fV/UMe6yXkT3cCJ8FI5G4FtOOVPILJ8G+WwwlavmeeOEcI0wP0XECxgejlot:fVsMgXB2wpO1ILCTwlavmdOTLUCxLot

Score
10/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584.exe

    • Size

      43.1MB

    • MD5

      c75b5515952ea615219e1991c4592236

    • SHA1

      2ade0a6c621b36f727e461059c3cdf2126d4bfca

    • SHA256

      2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584

    • SHA512

      65686328dc3ccec012871be9a1dcdc0aee0b0337ddf2ceeb689c4427a7a626091153a296a24ff4108dcca4e6247c2505e9375057172c56584f75dc82de4acb61

    • SSDEEP

      786432:fV/UMe6yXkT3cCJ8FI5G4FtOOVPILJ8G+WwwlavmeeOEcI0wP0XECxgejlot:fVsMgXB2wpO1ILCTwlavmdOTLUCxLot

    Score
    4/10
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      5f35212d7e90ee622b10be39b09bd270

    • SHA1

      c4bc9593902adf6daaef37e456dc6100d50d0925

    • SHA256

      31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d

    • SHA512

      7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

    • SSDEEP

      192:E4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjaK72dwF7dBOne:tn3T5KdHCMRD/R1cOnrja+BO

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
    behavioral5behavioral6

    • Target

      DRCom.dll

    • Size

      2.8MB

    • MD5

      3c8493c81b10ccb36a153cb7b4a6e6d7

    • SHA1

      8834fed8a9595f35e86c6b39eb2993b85041344e

    • SHA256

      ac8353cad0c254f179eaa67eec12392da4847931f2d8f4bddfcf732d5eabd77c

    • SHA512

      ae057e71e0ae0dcb55cc8cac44fa9af986a11d4e8b6eec293ad061685f3f52d930d5746f32b42f0e601359c117a94f37e6529f336293a429ba2a51b8c62569ed

    • SSDEEP

      49152:82TB73A+tsF0cPhBQqOwzuWJgNmVc5l9+YW9FXtJi0b5cHU50Qsh/:84R6qcPJuNmVMYYO3Ji0b5cH407h/

    Score
    9/10
    evasionthemidatrojan

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral7behavioral8

    • Target

      Qt5Core.dll

    • Size

      4.9MB

    • MD5

      e0e4aa23b2b9787eed9111ab6eaa811e

    • SHA1

      cbff84498ed64a1fa6370890dd8f2556e4ff17b9

    • SHA256

      9690349557ab3a572a7b7613edab185207fe465f72e13d6fe78d2237d09d0d49

    • SHA512

      e6d21fd0df4a47541ce50f76177d29ae8676fc8ea91fc403011a0d757ae72d101eabbf3bccd1c819113b5946e45a17c56e3d59d286d404e73ca141d57a68582c

    • SSDEEP

      98304:bdXta6foooJsv6tWKFdu9CPv+l4rGcU0HU:RgJsv6tWKFdu9CP96

    Score
    3/10
    behavioral10behavioral9

    • Target

      Qt5Gui.dll

    • Size

      5.2MB

    • MD5

      ff5a427898147253c594ef567a1ccbdc

    • SHA1

      84a59f455c820dda1ba29b7150b604f5ecdd9454

    • SHA256

      2f6257a9908e8e0890cebbc368c6ff24bf6fb8014356ce901689086a65899c22

    • SHA512

      69f492c0763db30166ce53da3e5c75c817e5dc2367671483d0295854142f44fb68e97bb3454deb01c35d2a5bb6b0edb762b326292f2f6e2c13c510ffc617cd2a

    • SSDEEP

      49152:thR7VlvpczZEgyebEHyyaeo3bMwDLoewKAx/OrBPV5YFCW/zNwbGD:Rvre8yXgwDL4KNWqY

    Score
    1/10
    behavioral11behavioral12

    • Target

      Qt5Network.dll

    • Size

      1.0MB

    • MD5

      f2635b5407e18378424b0305bb4af3bd

    • SHA1

      1d99b34c86899aa5f0c0e207447ff5fb8f940f1f

    • SHA256

      7275247f31ae54b3ba3a3591ed527c272248c4bb24fe433bb1ede8327b7e3b54

    • SHA512

      16a818ebdbcc11f776303c10bf65fcb35c607712f34226ea2964d86ff94bf01c622b2ca12bf525916813b98d1f0eca0783e2020d461fadb18abe8eb2709e23c0

    • SSDEEP

      24576:ItcRAfx7bLxTn3qJSr7IsrozCBDST/hrjw:IBfJ13y+2T5w

    Score
    3/10
    behavioral13behavioral14

    • Target

      Qt5PrintSupport.dll

    • Size

      271KB

    • MD5

      cfa74cc899a426212c1f82b2d1fbe583

    • SHA1

      cc42712a2df7cc7baa5a4c7e0ddf95008c1e33f4

    • SHA256

      1d7d0684d22b20b6d96b64325100364e9bce95de9d962812518da7ac80f12424

    • SHA512

      7e3883913f4916858d61abc91dbf84af64be9945056264ab94b543813cd69e2240c963b888b8b17428b7395126542d9c4606ce0822d02937e41bb35ca1f63b57

    • SSDEEP

      6144:6VFeifiHgE1SCAR9a4/UBt3Phcl3I90HMeG0tKhCPxS+plM4tPER0FEj/3cA28mL:6bEU93/0zYce

    Score
    3/10
    behavioral15behavioral16

    • Target

      Qt5Svg.dll

    • Size

      308KB

    • MD5

      d62af9cefed0bfed09017b21f66653ea

    • SHA1

      9306e0b49024cb9905b3dab26ea180fd50c0f267

    • SHA256

      d9bb5bd0928c7c67e3ab9b5cbaf2f79ccc52bf93e783667412d7b45b2ec20c4f

    • SHA512

      2d45b546c28045a6d895b3adad96419d71ac0d02b1481e463e16d9c74a3c02f05069afc67c37338fda7c3d8675774278627b3c5a3904762c95b8f02c0be42005

    • SSDEEP

      6144:bxLY3I53XvOkdkHogyQsokNYgYnrUuQG+3m2uAVJUVXpyYvYPK151QPwc8JUp8dy:75nfNYgsrUuQXm2uAVJidy

    Score
    3/10
    behavioral17behavioral18

    • Target

      Qt5WebKit.dll

    • Size

      34.5MB

    • MD5

      404d9879e3389a9f92d3c1e1b9650306

    • SHA1

      3200e9cb698a995605014b1342da59745f2fc9f7

    • SHA256

      a6465c2c4e5f72712f1d67818a675416fdc5d264b0176b991122ff00a428efd1

    • SHA512

      3050686dbe06ec3289ac64ed5ba24697fb8abbf06d65d498464093240f6c41833394e6dfde5ac74d380408ef80eeff5f2b1d887c5df9815dba04eb2922772e0e

    • SSDEEP

      393216:469BQY6Mi56onRz1StQcoLaD6ijfPWZSWlH80GoW+ekpb:ZQm8vSCxafPWZSWlcDD+ekpb

    Score
    3/10
    behavioral19behavioral20

    • Target

      Qt5WebKitWidgets.dll

    • Size

      229KB

    • MD5

      02e71fbf51367d02838e1b1a925c7de3

    • SHA1

      6f30fc14124b2b7ee77eb765f2137e10b2f313a1

    • SHA256

      7333f3f5a21ca7871ec9b12c2bec8da3c21329d7b2c7f2aad5ac940d7bc624d9

    • SHA512

      fb8a9c921ffa33075bd9d4992e18274925bbb8620c0a98bcff35c12340468820795c9cf6d48211a4774882d6fefafe9a38e6ea58947cef58881a88bdf9650cc6

    • SSDEEP

      6144:XKlA+hujV5DFkAfHWoHkdVEna4xJIfxwLMgS0M+VvP9k4YRw:alAyKU2kk

    Score
    3/10
    behavioral21behavioral22

    • Target

      Qt5Widgets.dll

    • Size

      4.4MB

    • MD5

      f282465a3b99c704bc1459e703d07445

    • SHA1

      8e6b4cf669f0022d51600e2fb712452c5945d4d6

    • SHA256

      32eba0cfbe2360e8a6cf8664cfd3e17737a63634092fbc5033a382321ff59548

    • SHA512

      4315a8204655e2dfebbc48fbcc7f579f53b6c9f5cb42d7723100a45bfc233e2c38caccdeb36dba51f34849f184864a3bc5a4f8d9fd9fe6013832d63a68c08b86

    • SSDEEP

      49152:sBrlvPXG8dF8A7sTCRoHEKgzqVK8u0nfhDgchW:sBte8H8AEHEzOnfhDgchW

    Score
    3/10
    behavioral23behavioral24

    • Target

      Qt5WinExtras.dll

    • Size

      387KB

    • MD5

      ba93ba118e23d554a72fc883cb7db3d3

    • SHA1

      44d2e741d00502381805ed1ce1a28b3dd8720f62

    • SHA256

      aeff0b647c03661ac15e0874c448f1ed652d1fe0b0f3cb1bed4cb7b01a36f879

    • SHA512

      5471b215596b0768ace72c6f59ae789ebeee07ad58f984e339fdc1c194a3512dc6aa20ed772c11355244b7527556894bca0fd0cff22a58f4b3b830a5001100ea

    • SSDEEP

      6144:HWRX1JxfdvbvcBih8W53z9gH5A1N7nAPhynwvq84Ce+FbmMExhHlER:HWRXPZ+WQgEbZExxQ

    Score
    3/10
    behavioral25behavioral26

    • Target

      Qt5Xml.dll

    • Size

      159KB

    • MD5

      0a3146fb0c27fa693fa9865df65935ee

    • SHA1

      04df0d07883311ca3183f025d07c334e25b5f41d

    • SHA256

      664a36f83473e6685fa12ea2dcaab84a48bdbd51e37bb6b0f25fd05bb56d554d

    • SHA512

      8ff2257d1ae2ff90d0dc1b0b097db52ff864869de0cf8fe4302fe25fad23dff92d61bff7a68d63ced81c91b50a81687f7fb25837465a82adf19d9d9408b0ae96

    • SSDEEP

      3072:2tw+g2Vs2c1yUJfLxhKeM2NDFU/st1GVG6FUA+gvJ1Qa3lK5atyZMM7JMe:2twr2VHGtXNvt1boJ1Qa3lCMeMe

    Score
    3/10
    behavioral27behavioral28

    • Target

      iconengines/qsvgicon.dll

    • Size

      53KB

    • MD5

      bf1715c5545462372fd5cfc54d4c9e07

    • SHA1

      45a3cabce634876b9747181c6db733bccfe3f075

    • SHA256

      c1775755b82a76aaa9ed6559512888bf2280a5644557a82e600a06c7dbd31204

    • SHA512

      bc05b67ca0b5933c2dcfdf33ca58e81630d6887b78794c8ac59e8a5fcda98635d80fe3f02fb29e662dba167690d3797fed2467be2f0e95de0d763dea4505136a

    • SSDEEP

      1536:s+nPkrG78F1fRSTiB3qYzJ9RbNZ4FDt93hsZ2:s+nPkrGAFCo3qYzJ9RbNZApwZ2

    Score
    1/10
    behavioral29behavioral30

    • Target

      icudt57.dll

    • Size

      24.5MB

    • MD5

      0180f17e967fcebe34ff722d7f736807

    • SHA1

      0bb91e87ae10029151c2ef4ac52eae7217f23952

    • SHA256

      176d8c3e97f54f304adcf050a90cfb1b714aac751ec9b19b3804d9eba06131aa

    • SHA512

      d37df25449cba3b8b729d7c3838721970c02c7b2d4f86627389f0a28caed84a8275026568686a49a61cb7d0a854e9b0e5ae157002935112b8a114e66c6d017ee

    • SSDEEP

      393216:QRAzF7nwBcaFgsiXUxuw+fWhl1MUl2noug9WbkxyEMS/FT437T/0rPI/eZcy0:1FnxZ

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

themida
Score
10/10

behavioral1

Score
4/10

behavioral2

Score
4/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

evasionthemidatrojan
Score
9/10

behavioral8

evasionthemidatrojan
Score
9/10

behavioral9

Score
1/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10