38edb61a811812d56a563a4cf461a63ccbd6aa1db351040463218588b3284704 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

sapphire_c...ck.dll

windows11-21h2-x64

9

sapphire_c...er.exe

windows11-21h2-x64

9

sapphire_c...in.exe

windows11-21h2-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

sapphire_cracked.zip
Size

29.5MB
Sample

240710-ep9e5sxfrb
MD5

5f900be29919ad33db9d96fbc2955894
SHA1

9ef137e8c0caa3bd9756d8462feaf8c81a9ef959
SHA256

38edb61a811812d56a563a4cf461a63ccbd6aa1db351040463218588b3284704
SHA512

95cf5524fface6bfbf60bda142ca3f168a48f83fb893e684d1e2a42f39df620d0b33d2afbef5f7ca0ae6207a21ecb8b765d69a006b8cb7e50eed8f14775778b8
SSDEEP

786432:E7wsJxH21jKDnWTD44hNQRqR0gQo9Ju34qIwj7aQ5TR7:E7I1jKL2DhR5P+3bIwj791

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

sapphire_cracked/crack.dll

Resource

win11-20240709-en

windows11-21h2-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

sapphire_cracked/loader.exe

Resource

win11-20240709-en

evasion themida trojan

windows11-21h2-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

sapphire_cracked/main.exe

Resource

win11-20240709-en

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  sapphire_cracked/crack.dll
- Size
  
  5.0MB
- MD5
  
  7ae4309d363db9abfe45f8469f5338a9
- SHA1
  
  05318a3103fbd1515719394d9cbb32c55e015dfc
- SHA256
  
  8fae0e62e9a8989a74e631d754dd71acf6b93142abfa7281d2fcd1b26eabcd54
- SHA512
  
  830dbe93d878d51c13a4d0fec31062813b64d92be05bbea54a33e71deafa3f55238fdd97ae5198ff387480f0a88482cdff2c33e238a033c7def1087134aae795
- SSDEEP
  
  98304:+oSYCYbuF/KS6d3+3tv3qTfffzXS0j6fdmjLdGGf:7MBdf+ff7TjZ
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1
- Target
  
  sapphire_cracked/loader.exe
- Size
  
  8.4MB
- MD5
  
  d1833b094db1e4c4c11123282365a44a
- SHA1
  
  44ac20657fdab59a5ca47afbdd08443adc59b973
- SHA256
  
  341c5c573350df8f79d7f2152bb239305b3df4f87fe18f8eb2cf9dbbb7aea375
- SHA512
  
  da1d8d0fc174a53c38b21b000846a1b250df05759436769f4453f03313028d92204660e45c172770a7ca1d6755b0833c92b766114993b65bd6d95ae20f626cbf
- SSDEEP
  
  196608:8QCjP+Q3V+80miPUHtXmDO/Jxwxvrqz7xdLqIjS:SP+2VDKUNV/3MYxdLq/
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral2
- Target
  
  sapphire_cracked/main.exe
- Size
  
  17.5MB
- MD5
  
  92f642212cdbe6ac3a8e6f48243a2489
- SHA1
  
  6c5b3c6fa506dc92cd0bb4aa36dc4ccdac77a727
- SHA256
  
  ef24286fb0f5c05f739109f955521ae44bc74b52414c05722a06daccc07ca4e6
- SHA512
  
  0af07851e1d2f014efe2ca6a943999cb746fa595dca564b18d3226bbb4866f4c4c642d6eaa2126297cbcb11fdcaa6c721a24c44d678aa643e1e2a32029480e95
- SSDEEP
  
  393216:oJT9O22UETklFz4Uu1u2u+rJvtNqe6ZNIllZEzhtMkQ:oJhTETklx4Uu1xfd1Km/EzhvQ
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionthemidatrojan

behavioral3

© 2018-2025

Terms | Privacy