67d6547f4024b6fefc861cf459edd084508b06606d98b79cf7e323fe88057e79 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

asa.exe

windows11-21h2-x64

9

Resubmissions

30-05-2024 18:56

240530-xlvfxshe33 9

30-05-2024 18:54

240530-xkezvagb8v 9

29-05-2024 23:57

240529-3zvazaeg6s 9

Sharing

General

Target

asa.exe
Size

7.0MB
Sample

240530-xkezvagb8v
MD5

e0c26d4ff2caf2baaa9968b6a1fd33ff
SHA1

5631a0da13af42bbacbcfc2e878a37b857c21157
SHA256

67d6547f4024b6fefc861cf459edd084508b06606d98b79cf7e323fe88057e79
SHA512

a3710eefa23286dbd704d26f9d5fb5f7f4cdf4433b6c4d84238e2c9b689b4e17c0dfb29912f9796f9a4f1d61c1f0e96348effb737895ff90df58088372a367d5
SSDEEP

98304:EB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:tcUG4raKu24YY7HVT4hV0AD6QgqKRgX

Score

9^/10

agilenet evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

asa.exe

Resource

win11-20240426-en

agilenet evasion themida trojan

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  asa.exe
- Size
  
  7.0MB
- MD5
  
  e0c26d4ff2caf2baaa9968b6a1fd33ff
- SHA1
  
  5631a0da13af42bbacbcfc2e878a37b857c21157
- SHA256
  
  67d6547f4024b6fefc861cf459edd084508b06606d98b79cf7e323fe88057e79
- SHA512
  
  a3710eefa23286dbd704d26f9d5fb5f7f4cdf4433b6c4d84238e2c9b689b4e17c0dfb29912f9796f9a4f1d61c1f0e96348effb737895ff90df58088372a367d5
- SSDEEP
  
  98304:EB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:tcUG4raKu24YY7HVT4hV0AD6QgqKRgX
Score

9^/10

agilenet evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agilenetevasionthemidatrojan

© 2018-2024

Terms | Privacy