5e1d6c967328d7b5c61028616420b13c83c3609bdc7667f75bbd923118dca19e | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Apple.exe

windows10-2004-x64

9

Sharing

General

Target

Apple.exe
Size

231KB
Sample

240720-1gs9vaxbpa
MD5

2340b8a2bd837a5cff9b309477e482f7
SHA1

9388ce8dd1e17e680e6ccf130e5a07beb06d0df8
SHA256

5e1d6c967328d7b5c61028616420b13c83c3609bdc7667f75bbd923118dca19e
SHA512

f44d430b857a52e39ba9b3d0c831dcf74663351046e472b8c265421e3d05ea14870776a18651658eaa509ccdae8ead2cadce6a54cbf14e625d844d7a933a8259
SSDEEP

3072:wYwfMXIzqQWIY1LgWqoMcwBpdIi6MTBsOzu7m2N943SVMG34DmfGGEbt4m2b3cTd:6fMXIe/14ogFIk3LFCa7k

Score

9^/10

evasion persistence privilege_escalation themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Apple.exe

Resource

win10v2004-20240709-en

evasion persistence privilege_escalation themida trojan

windows10-2004-x64

21 signatures

60 seconds

Malware Config

Targets

- Target
  
  Apple.exe
- Size
  
  231KB
- MD5
  
  2340b8a2bd837a5cff9b309477e482f7
- SHA1
  
  9388ce8dd1e17e680e6ccf130e5a07beb06d0df8
- SHA256
  
  5e1d6c967328d7b5c61028616420b13c83c3609bdc7667f75bbd923118dca19e
- SHA512
  
  f44d430b857a52e39ba9b3d0c831dcf74663351046e472b8c265421e3d05ea14870776a18651658eaa509ccdae8ead2cadce6a54cbf14e625d844d7a933a8259
- SSDEEP
  
  3072:wYwfMXIzqQWIY1LgWqoMcwBpdIi6MTBsOzu7m2N943SVMG34DmfGGEbt4m2b3cTd:6fMXIe/14ogFIk3LFCa7k
Score

9^/10

evasion persistence privilege_escalation themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalationthemidatrojan

© 2018-2025

Terms | Privacy