75aa10907161f15e36c85c79949a60e24c474a7843fd9897bda91fa2aed21204 | Triage

Submit
Reports

Overview

overview

Static

static

7

setup.exe

windows10-1703-x64

Sharing

General

Target

archive-230524-03_05_07.rar
Size

4.2MB
Sample

240523-tdd77age44
MD5

f3965220eb515fe52178c7ba8c0f00a8
SHA1

a4da50806ca5e54526d5a36b47dd2e83ced75f94
SHA256

75aa10907161f15e36c85c79949a60e24c474a7843fd9897bda91fa2aed21204
SHA512

55772f123f952345178dcc89b009e8e74f8dc6148c17f53df65e16281165ca67aa68309089e57e8e305957f1a646e8133833a8d2cef083863ff578751820e3c7
SSDEEP

98304:0KiJFHzp+mkiQEgLmGAxcyrgyIkDUc6Bzr01aR5r:0KiHzQz5JSpjEyIPc9Y/r

Score

10^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

setup.exe

Resource

win10-20240404-es

evasion themida trojan

windows10-1703-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  770.0MB
- MD5
  
  9c02820ad89ac844fe771f9f571497d5
- SHA1
  
  635e4317e97fce54d14e59c8e6e3da146c6f8f8d
- SHA256
  
  01141bf3fcaad427b21817be74c025d3b3e73866642e7e37a0080331a1808227
- SHA512
  
  241e29da0c44999f3c6b9667b9552b5b7e56dd079133ea42009643dd3c735e9658df7d3aa5e6a60813aa1f4ffbf0add3be42f1d3c9bc70f30a92a80e5d22a6b0
- SSDEEP
  
  49152:LELQqnFZggkFi7jZc8xVNUhfelFDDHLQb+hOpzspFmHTXW6xnaTMS5gpQFRufJNz:LVgkF4c8KGrfUKhaWm7CTcBqSGG8
Score

10^/10

evasion themida trojan
- Modifies firewall policy service
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

© 2018-2024

Terms | Privacy