9f469162158328f458c779eb75ac7b6261112dc76092ff4a0c048dcfb528c225

Sharing

Copy URL Twitter E-mail

General

Target

release.rar
Size

11.5MB
Sample

240619-swzfeasfpb
MD5

1512cd25a9738012af8cf107ba85401f
SHA1

50cb1dd227ffcbeeff3fd59955aa79aaa9f8a567
SHA256

9f469162158328f458c779eb75ac7b6261112dc76092ff4a0c048dcfb528c225
SHA512

a60efc426e03b43b9abbdc1dc19d2e5db9eccaf2f97604ab407f2140d826b74b8fe5e3096093722906d9c69558682e2f2340099be0ba1702ad5ca98a83032ef2
SSDEEP

196608:f4+J9lSadReUTHs57kMo82ViP3zYxAvGUFi0gpuKLoqizxw139o3IVTiypXyGd:f4+J9ljdReUTMJ9Ou3z8A+UA0gxLonze

Score

9^/10

Malware Config

Targets

- Target
  
  release.rar
- Size
  
  11.5MB
- MD5
  
  1512cd25a9738012af8cf107ba85401f
- SHA1
  
  50cb1dd227ffcbeeff3fd59955aa79aaa9f8a567
- SHA256
  
  9f469162158328f458c779eb75ac7b6261112dc76092ff4a0c048dcfb528c225
- SHA512
  
  a60efc426e03b43b9abbdc1dc19d2e5db9eccaf2f97604ab407f2140d826b74b8fe5e3096093722906d9c69558682e2f2340099be0ba1702ad5ca98a83032ef2
- SSDEEP
  
  196608:f4+J9lSadReUTHs57kMo82ViP3zYxAvGUFi0gpuKLoqizxw139o3IVTiypXyGd:f4+J9ljdReUTMJ9Ou3z8A+UA0gxLonze
Score

3^/10
behavioral1 behavioral2
- Target
  
  release/main/cheat.exe
- Size
  
  4.1MB
- MD5
  
  a20e247d5dbab2a84b718801dec0025e
- SHA1
  
  04d6c781da09b237068b1ed7054003a14833ea3b
- SHA256
  
  74c5383e22aa8ae4e9941fd5d431c80b617f583e4158647c807d5d6188d7cced
- SHA512
  
  ec9728e9344563a74c2a906f3b289c6383bc2f564cf722170f3d3fdbfd433790b4811c7f3e8d3e9de5b16b4618ed8244eb055bf01e1ffc49fd5ad477af73011c
- SSDEEP
  
  98304:IdlAOJ6MIcGcPJt4IEKNILJpCHFBPmjE2K/pu9mfhVlNNFQ:yqOYJcBP/4TKNItpCTmjERRu9enNI
Score

9^/10

evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  release/main/loader.exe
- Size
  
  4.1MB
- MD5
  
  9ecdc9ed1bea6c226f92d740d43400b9
- SHA1
  
  b5b5066cd4284733d8c3f3d7de3ca6653091ae10
- SHA256
  
  60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
- SHA512
  
  30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
- SSDEEP
  
  98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  release/map/map.exe
- Size
  
  3.3MB
- MD5
  
  a5a681b19458d693464f24f0d22d7b32
- SHA1
  
  10b9edb6e510ee582815b3779064698ed9e90db8
- SHA256
  
  04a72e5f734b6d97c78477d82b1bd24d45e47769b98d908920265a01bbde2d37
- SHA512
  
  e27f08721444474d7f37e45b6636f71cd5e9823ab197b6665f5c48106f8f84ec57bd5f1e953a3c2d0200ae0f9e80b72a261444bea6e828a62cd0b44bf128ab31
- SSDEEP
  
  98304:GyVbJ5frOxTN0fAptwDUB+psfprlsg/zG3lC:f2JN0fG6wgsxrqQzGVC
Score

9^/10

evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8
- Target
  
  release/readme.txt
- Size
  
  136B
- MD5
  
  fcebdd8b5fb2375817096c3ccaa7d983
- SHA1
  
  9c74429eb7a9bdbd41da10f53e688e32db937f80
- SHA256
  
  84e202ee56be41944643b1fa8b99b29450469d3bc64493edc37c5c6644c25b01
- SHA512
  
  a2d58fce370788a77dbb8b33fd7227a5118aebd406dd9e945a80a3b8572420fff49d4621ffa37911074becf0ffdc655bf01cb6101e5e9bc60fa1036534da6813
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Sets service image path in registry

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Sets service image path in registry

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10