General

  • Target

    Haxor-AIO.rar

  • Size

    2.4MB

  • Sample

    240709-qj2nwsxdnf

  • MD5

    c0f3894bd447abda9a74624369ec6d9a

  • SHA1

    4e04680262e645d81f4e19f7333e55f1b1394d4b

  • SHA256

    227ae7da30e8282c5fb57fa7e913411f19f9f3488c58badb753598ca6a4faaae

  • SHA512

    8a62f3e42033bac3ad775be02ccf5f2e89948d92816423711f99d5d14d5a2be4baf6a0d42ac6a343c32d995376c44cc875d0efaede1118bcdd28676aa0777f69

  • SSDEEP

    49152:IzR2f2Wet8Sz1rtedWHQCK2392Qqq12Sj1MWqoRPX+/eu:Y2f2nZ9K2XRTPX+f

Malware Config

Targets

    • Target

      Haxor-AIO/Haxor-AIO.exe

    • Size

      244KB

    • MD5

      216946b0e047100e4a2727b6edc3f369

    • SHA1

      df848ac54617db88ee4bb6144e0a201402fe7e7f

    • SHA256

      e6dcc4f30dd7eba66cb3281fc4696fc1d7776de58591f123398f2e952e11a24d

    • SHA512

      77c7253191f3ca4e69fd7d8839db35d8f49994e33ed98637792a99fa9a0fd10a79e1456f4799138a758a71872bce751910697fcf1946a90e35f5b6257d14a7d0

    • SSDEEP

      6144:HeU9ZEwQ5Fnp0Ak27gU6bF8VmOAOPp7paKFh:HxfXgFnphE780ORZpaEh

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15