General

  • Target

    desync.exe

  • Size

    7.6MB

  • Sample

    240616-yg89ysydnp

  • MD5

    7a15474ad603daa01797d79bb62e175a

  • SHA1

    888862cdab8da414fb6840c5eebcdd61ce669e21

  • SHA256

    81caa3adef4253955af7d8e935d6c6d3c3fb6134fdb9a37e46a3da4695136154

  • SHA512

    569bba67fcaf64560409cbde165136bc5148de426314b74d89c33112098d75066c7afb8bb4767ed47fa068c78f1eca8abe5a45907960be4c584045b4c4bef41d

  • SSDEEP

    196608:la3mPC8AJfo8ARlJwONkYCamxR2qL9feH0WFOktv0S:I3mC8ufdWlJwONkDamr2qLpeBOYv0S

Malware Config

Targets

    • Target

      desync.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), an anti-debugging technique that stops the calling thread from delivering debug events to an attached debugger.

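The signatures listed above can all be re-derived by an analyst from an API or registry trace of the sample. The following Python is an added example, not part of this report and not the sandbox's own rule set: it scans a constructed Procmon-style trace (format `operation|path|detail`, invented here) for the VirtualBox ACPI keys, BIOS description values, location/locale values, the EnableLUA policy value and the NtSetInformationThread(ThreadHideFromDebugger) call that these signature names refer to. The trace lines and the exact registry paths matched are assumptions chosen for illustration, not data recovered from the desync.exe run.

```python
import re

# Constructed trace excerpt in a simple "operation|path|detail" form. These lines are
# invented for this example; they are not output from the sandbox run of desync.exe.
SAMPLE_TRACE = r"""
RegOpenKey|HKLM\HARDWARE\ACPI\DSDT\VBOX__|
RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer|
RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion|
RegQueryValue|HKCU\Control Panel\International\Geo\Nation|
RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA|
NtSetInformationThread|ThreadHandle=0xfffffffffffffffe|ThreadInformationClass=0x11
RegQueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|
"""

# Registry-path patterns, one per signature. The paths are the well-known locations these
# checks read (assumed here; a real rule set may use a wider or narrower list).
REGISTRY_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
                r"(SystemManufacturer|SystemProductName|BIOSVendor|BIOSVersion|"
                r"SystemBiosVersion|VideoBiosVersion)$", re.I)),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Locale)$", re.I)),
    ("Checks whether UAC is enabled",
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I)),
]

# THREADINFOCLASS value of ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
HIDE_FROM_DEBUGGER_SIG = "Suspicious use of NtSetInformationThreadHideFromDebugger"


def parse_line(line):
    """Split one trace line into (operation, path, detail); None if malformed."""
    parts = line.split("|", 2)
    if len(parts) != 3:
        return None
    return tuple(p.strip() for p in parts)


def classify(op, path, detail):
    """Return the signature names a single trace event triggers."""
    hits = []
    if op.startswith("Reg"):
        for name, pattern in REGISTRY_SIGNATURES:
            if pattern.search(path):
                hits.append(name)
    elif op == "NtSetInformationThread":
        m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", detail)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            hits.append(HIDE_FROM_DEBUGGER_SIG)
    return hits


def scan(trace):
    """Map each triggered signature name to the trace lines that triggered it."""
    findings = {}
    for raw in trace.splitlines():
        line = raw.strip()
        parsed = parse_line(line)
        if not parsed:
            continue
        for name in classify(*parsed):
            findings.setdefault(name, []).append(line)
    return findings


if __name__ == "__main__":
    for name, lines in scan(SAMPLE_TRACE).items():
        print(name)
        for line in lines:
            print("    " + line)
```

The benign Run-key read in the constructed trace is deliberately left unmatched: the point of keying on specific paths (rather than on any HKLM\HARDWARE access) is that ordinary software reads the registry constantly, so a rule this loose would otherwise fire on every process. Swap `SAMPLE_TRACE` for a real Procmon export converted to the same three-field form to run it against a live sample.
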
MITRE ATT&CK Enterprise v15

Tasks