fe4bf4127f90432d512fd211363d59f552c6741bc4625a08bca9ac2c89b86ea9 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

UBGG Internal.exe

windows7-x64

9

UBGG Internal.exe

windows10-2004-x64

9

Sharing

General

Target

UBGG Internal.exe
Size

6.3MB
Sample

240608-garmwshd9z
MD5

d4e1dc6dd9095039646485bdb5b2a452
SHA1

b50fd8a91e5203aa52cd8ebfa55a69705fc1af9c
SHA256

fe4bf4127f90432d512fd211363d59f552c6741bc4625a08bca9ac2c89b86ea9
SHA512

556afcfb8424a2b3ca783e199ec1958e0171bbfc0d633da8b264fc42506bedda8ad393a5c266b190e2c47ab8039993e90f561d4f5995c80862002296ed26e530
SSDEEP

98304:mtsSlQpwe40HXnEshBljnOgV2hcOwSfvfhk2MfYDY1GgOw9c41VBji0ChmpP/:mVQpdXHXnnhNV2hcDKXhV+UYJO8c8fn

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

UBGG Internal.exe

Resource

win7-20240221-en

evasion themida trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

UBGG Internal.exe

Resource

win10v2004-20240226-en

evasion themida trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  UBGG Internal.exe
- Size
  
  6.3MB
- MD5
  
  d4e1dc6dd9095039646485bdb5b2a452
- SHA1
  
  b50fd8a91e5203aa52cd8ebfa55a69705fc1af9c
- SHA256
  
  fe4bf4127f90432d512fd211363d59f552c6741bc4625a08bca9ac2c89b86ea9
- SHA512
  
  556afcfb8424a2b3ca783e199ec1958e0171bbfc0d633da8b264fc42506bedda8ad393a5c266b190e2c47ab8039993e90f561d4f5995c80862002296ed26e530
- SSDEEP
  
  98304:mtsSlQpwe40HXnEshBljnOgV2hcOwSfvfhk2MfYDY1GgOw9c41VBji0ChmpP/:mVQpdXHXnnhNV2hcDKXhV+UYJO8c8fn
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2025

Terms | Privacy