2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584

Sharing

Copy URL

Twitter E-mail

General

Target

2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584.exe
Size

43.1MB
Sample

240523-bmqcpsgb31
MD5

c75b5515952ea615219e1991c4592236
SHA1

2ade0a6c621b36f727e461059c3cdf2126d4bfca
SHA256

2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584
SHA512

65686328dc3ccec012871be9a1dcdc0aee0b0337ddf2ceeb689c4427a7a626091153a296a24ff4108dcca4e6247c2505e9375057172c56584f75dc82de4acb61
SSDEEP

786432:fV/UMe6yXkT3cCJ8FI5G4FtOOVPILJ8G+WwwlavmeeOEcI0wP0XECxgejlot:fVsMgXB2wpO1ILCTwlavmdOTLUCxLot

Score

10^/10

Malware Config

Targets

- Target
  
  2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584.exe
- Size
  
  43.1MB
- MD5
  
  c75b5515952ea615219e1991c4592236
- SHA1
  
  2ade0a6c621b36f727e461059c3cdf2126d4bfca
- SHA256
  
  2b3aa9f8d949be0919837b8f00c79700c0db437a6a8f042fcff2ec4b2c03c584
- SHA512
  
  65686328dc3ccec012871be9a1dcdc0aee0b0337ddf2ceeb689c4427a7a626091153a296a24ff4108dcca4e6247c2505e9375057172c56584f75dc82de4acb61
- SSDEEP
  
  786432:fV/UMe6yXkT3cCJ8FI5G4FtOOVPILJ8G+WwwlavmeeOEcI0wP0XECxgejlot:fVsMgXB2wpO1ILCTwlavmdOTLUCxLot
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  5f35212d7e90ee622b10be39b09bd270
- SHA1
  
  c4bc9593902adf6daaef37e456dc6100d50d0925
- SHA256
  
  31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d
- SHA512
  
  7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0
- SSDEEP
  
  192:E4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjaK72dwF7dBOne:tn3T5KdHCMRD/R1cOnrja+BO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10
behavioral5 behavioral6
- Target
  
  DRCom.dll
- Size
  
  2.8MB
- MD5
  
  3c8493c81b10ccb36a153cb7b4a6e6d7
- SHA1
  
  8834fed8a9595f35e86c6b39eb2993b85041344e
- SHA256
  
  ac8353cad0c254f179eaa67eec12392da4847931f2d8f4bddfcf732d5eabd77c
- SHA512
  
  ae057e71e0ae0dcb55cc8cac44fa9af986a11d4e8b6eec293ad061685f3f52d930d5746f32b42f0e601359c117a94f37e6529f336293a429ba2a51b8c62569ed
- SSDEEP
  
  49152:82TB73A+tsF0cPhBQqOwzuWJgNmVc5l9+YW9FXtJi0b5cHU50Qsh/:84R6qcPJuNmVMYYO3Ji0b5cH407h/
Score

9^/10

evasion themida trojan
- Detects executables packed with Themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8
- Target
  
  Qt5Core.dll
- Size
  
  4.9MB
- MD5
  
  e0e4aa23b2b9787eed9111ab6eaa811e
- SHA1
  
  cbff84498ed64a1fa6370890dd8f2556e4ff17b9
- SHA256
  
  9690349557ab3a572a7b7613edab185207fe465f72e13d6fe78d2237d09d0d49
- SHA512
  
  e6d21fd0df4a47541ce50f76177d29ae8676fc8ea91fc403011a0d757ae72d101eabbf3bccd1c819113b5946e45a17c56e3d59d286d404e73ca141d57a68582c
- SSDEEP
  
  98304:bdXta6foooJsv6tWKFdu9CPv+l4rGcU0HU:RgJsv6tWKFdu9CP96
Score

3^/10
behavioral10 behavioral9
- Target
  
  Qt5Gui.dll
- Size
  
  5.2MB
- MD5
  
  ff5a427898147253c594ef567a1ccbdc
- SHA1
  
  84a59f455c820dda1ba29b7150b604f5ecdd9454
- SHA256
  
  2f6257a9908e8e0890cebbc368c6ff24bf6fb8014356ce901689086a65899c22
- SHA512
  
  69f492c0763db30166ce53da3e5c75c817e5dc2367671483d0295854142f44fb68e97bb3454deb01c35d2a5bb6b0edb762b326292f2f6e2c13c510ffc617cd2a
- SSDEEP
  
  49152:thR7VlvpczZEgyebEHyyaeo3bMwDLoewKAx/OrBPV5YFCW/zNwbGD:Rvre8yXgwDL4KNWqY
Score

1^/10
behavioral11 behavioral12
- Target
  
  Qt5Network.dll
- Size
  
  1.0MB
- MD5
  
  f2635b5407e18378424b0305bb4af3bd
- SHA1
  
  1d99b34c86899aa5f0c0e207447ff5fb8f940f1f
- SHA256
  
  7275247f31ae54b3ba3a3591ed527c272248c4bb24fe433bb1ede8327b7e3b54
- SHA512
  
  16a818ebdbcc11f776303c10bf65fcb35c607712f34226ea2964d86ff94bf01c622b2ca12bf525916813b98d1f0eca0783e2020d461fadb18abe8eb2709e23c0
- SSDEEP
  
  24576:ItcRAfx7bLxTn3qJSr7IsrozCBDST/hrjw:IBfJ13y+2T5w
Score

3^/10
behavioral13 behavioral14
- Target
  
  Qt5PrintSupport.dll
- Size
  
  271KB
- MD5
  
  cfa74cc899a426212c1f82b2d1fbe583
- SHA1
  
  cc42712a2df7cc7baa5a4c7e0ddf95008c1e33f4
- SHA256
  
  1d7d0684d22b20b6d96b64325100364e9bce95de9d962812518da7ac80f12424
- SHA512
  
  7e3883913f4916858d61abc91dbf84af64be9945056264ab94b543813cd69e2240c963b888b8b17428b7395126542d9c4606ce0822d02937e41bb35ca1f63b57
- SSDEEP
  
  6144:6VFeifiHgE1SCAR9a4/UBt3Phcl3I90HMeG0tKhCPxS+plM4tPER0FEj/3cA28mL:6bEU93/0zYce
Score

3^/10
behavioral15 behavioral16
- Target
  
  Qt5Svg.dll
- Size
  
  308KB
- MD5
  
  d62af9cefed0bfed09017b21f66653ea
- SHA1
  
  9306e0b49024cb9905b3dab26ea180fd50c0f267
- SHA256
  
  d9bb5bd0928c7c67e3ab9b5cbaf2f79ccc52bf93e783667412d7b45b2ec20c4f
- SHA512
  
  2d45b546c28045a6d895b3adad96419d71ac0d02b1481e463e16d9c74a3c02f05069afc67c37338fda7c3d8675774278627b3c5a3904762c95b8f02c0be42005
- SSDEEP
  
  6144:bxLY3I53XvOkdkHogyQsokNYgYnrUuQG+3m2uAVJUVXpyYvYPK151QPwc8JUp8dy:75nfNYgsrUuQXm2uAVJidy
Score

3^/10
behavioral17 behavioral18
- Target
  
  Qt5WebKit.dll
- Size
  
  34.5MB
- MD5
  
  404d9879e3389a9f92d3c1e1b9650306
- SHA1
  
  3200e9cb698a995605014b1342da59745f2fc9f7
- SHA256
  
  a6465c2c4e5f72712f1d67818a675416fdc5d264b0176b991122ff00a428efd1
- SHA512
  
  3050686dbe06ec3289ac64ed5ba24697fb8abbf06d65d498464093240f6c41833394e6dfde5ac74d380408ef80eeff5f2b1d887c5df9815dba04eb2922772e0e
- SSDEEP
  
  393216:469BQY6Mi56onRz1StQcoLaD6ijfPWZSWlH80GoW+ekpb:ZQm8vSCxafPWZSWlcDD+ekpb
Score

3^/10
behavioral19 behavioral20
- Target
  
  Qt5WebKitWidgets.dll
- Size
  
  229KB
- MD5
  
  02e71fbf51367d02838e1b1a925c7de3
- SHA1
  
  6f30fc14124b2b7ee77eb765f2137e10b2f313a1
- SHA256
  
  7333f3f5a21ca7871ec9b12c2bec8da3c21329d7b2c7f2aad5ac940d7bc624d9
- SHA512
  
  fb8a9c921ffa33075bd9d4992e18274925bbb8620c0a98bcff35c12340468820795c9cf6d48211a4774882d6fefafe9a38e6ea58947cef58881a88bdf9650cc6
- SSDEEP
  
  6144:XKlA+hujV5DFkAfHWoHkdVEna4xJIfxwLMgS0M+VvP9k4YRw:alAyKU2kk
Score

3^/10
behavioral21 behavioral22
- Target
  
  Qt5Widgets.dll
- Size
  
  4.4MB
- MD5
  
  f282465a3b99c704bc1459e703d07445
- SHA1
  
  8e6b4cf669f0022d51600e2fb712452c5945d4d6
- SHA256
  
  32eba0cfbe2360e8a6cf8664cfd3e17737a63634092fbc5033a382321ff59548
- SHA512
  
  4315a8204655e2dfebbc48fbcc7f579f53b6c9f5cb42d7723100a45bfc233e2c38caccdeb36dba51f34849f184864a3bc5a4f8d9fd9fe6013832d63a68c08b86
- SSDEEP
  
  49152:sBrlvPXG8dF8A7sTCRoHEKgzqVK8u0nfhDgchW:sBte8H8AEHEzOnfhDgchW
Score

3^/10
behavioral23 behavioral24
- Target
  
  Qt5WinExtras.dll
- Size
  
  387KB
- MD5
  
  ba93ba118e23d554a72fc883cb7db3d3
- SHA1
  
  44d2e741d00502381805ed1ce1a28b3dd8720f62
- SHA256
  
  aeff0b647c03661ac15e0874c448f1ed652d1fe0b0f3cb1bed4cb7b01a36f879
- SHA512
  
  5471b215596b0768ace72c6f59ae789ebeee07ad58f984e339fdc1c194a3512dc6aa20ed772c11355244b7527556894bca0fd0cff22a58f4b3b830a5001100ea
- SSDEEP
  
  6144:HWRX1JxfdvbvcBih8W53z9gH5A1N7nAPhynwvq84Ce+FbmMExhHlER:HWRXPZ+WQgEbZExxQ
Score

3^/10
behavioral25 behavioral26
- Target
  
  Qt5Xml.dll
- Size
  
  159KB
- MD5
  
  0a3146fb0c27fa693fa9865df65935ee
- SHA1
  
  04df0d07883311ca3183f025d07c334e25b5f41d
- SHA256
  
  664a36f83473e6685fa12ea2dcaab84a48bdbd51e37bb6b0f25fd05bb56d554d
- SHA512
  
  8ff2257d1ae2ff90d0dc1b0b097db52ff864869de0cf8fe4302fe25fad23dff92d61bff7a68d63ced81c91b50a81687f7fb25837465a82adf19d9d9408b0ae96
- SSDEEP
  
  3072:2tw+g2Vs2c1yUJfLxhKeM2NDFU/st1GVG6FUA+gvJ1Qa3lK5atyZMM7JMe:2twr2VHGtXNvt1boJ1Qa3lCMeMe
Score

3^/10
behavioral27 behavioral28
- Target
  
  iconengines/qsvgicon.dll
- Size
  
  53KB
- MD5
  
  bf1715c5545462372fd5cfc54d4c9e07
- SHA1
  
  45a3cabce634876b9747181c6db733bccfe3f075
- SHA256
  
  c1775755b82a76aaa9ed6559512888bf2280a5644557a82e600a06c7dbd31204
- SHA512
  
  bc05b67ca0b5933c2dcfdf33ca58e81630d6887b78794c8ac59e8a5fcda98635d80fe3f02fb29e662dba167690d3797fed2467be2f0e95de0d763dea4505136a
- SSDEEP
  
  1536:s+nPkrG78F1fRSTiB3qYzJ9RbNZ4FDt93hsZ2:s+nPkrGAFCo3qYzJ9RbNZApwZ2
Score

1^/10
behavioral29 behavioral30
- Target
  
  icudt57.dll
- Size
  
  24.5MB
- MD5
  
  0180f17e967fcebe34ff722d7f736807
- SHA1
  
  0bb91e87ae10029151c2ef4ac52eae7217f23952
- SHA256
  
  176d8c3e97f54f304adcf050a90cfb1b714aac751ec9b19b3804d9eba06131aa
- SHA512
  
  d37df25449cba3b8b729d7c3838721970c02c7b2d4f86627389f0a28caed84a8275026568686a49a61cb7d0a854e9b0e5ae157002935112b8a114e66c6d017ee
- SSDEEP
  
  393216:QRAzF7nwBcaFgsiXUxuw+fWhl1MUl2noug9WbkxyEMS/FT437T/0rPI/eZcy0:1FnxZ
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Detects executables packed with Themida

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32