General

  • Target: PoseidonLauncher.zip

  • Size: 8.0MB

  • Sample: 240526-tpaddada77

  • MD5: c84d6ddc0ea0cd01997e080a47232218

  • SHA1: 20407c4e173bf189fb21c76aec887dcad36ecfdf

  • SHA256: 7fdb8b5038bb8f1f5367f8d6a1cf90f96b41482a836b62db72ef4fd139a4fdd2

  • SHA512: ac518dc03ec9b81279adbc3fb3bba5e53ba1c7e563a28dc805115bf69dd0f1d7b2dbf5eca4bcb0014082a11ab35237861369f5539ae879c122a94b66eaf48b44

  • SSDEEP: 196608:AZy040asZjG8pj42YsBuW8RcDCAHGc7HJA6+fWNjIdjFEKbDW38d:AZy04Hssa4ZiaGDbGcNA6ESIRnbi0

Targets

    • Target: PoseidonLauncher.exe

    • Size: 8.3MB

    • MD5: 1726cc919807c2ec45d387dc9c414fc0

    • SHA1: 8b795fbda3b933f89d2fa13f2674649ddbc7abed

    • SHA256: 89a70543929e782c5c76770c9db1c2c749fa2fdf877442ca208b83c737b81abf

    • SHA512: 2cff9fa0ae3e06ff7216aff58409aa4cf38a000f6c242347e8906c780e87523b92bbb8a5a23e06b1d150356583e588549c79af3c6731bc188fa676e31ac60164

    • SSDEEP: 196608:CuxijB/LjJ8mj05U8DWXEqoGdf0dk9pYQAIwNwy1CHUE58:CuxiV/Ll8mA5sEqoIa/hNwyw0c8

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15