Overview

overview

9

Static

static

3

GREGUM RP.exe

windows7-x64

5

GREGUM RP.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    GREGUM RP.exe

  • Size

    8.5MB

  • Sample

    240727-s55c1swemp

  • MD5

    f0283045ebe61c29a7297578891e88f8

  • SHA1

    9d82c3bf276aa7f2dfad18081994cde34dd4e1bc

  • SHA256

    c56a975a6d250f3205cf48ea777e2aa46a1d6a785b98d2a1646c7c5ae43b498f

  • SHA512

    9e8285e606134eaa894cb604a4922ebef914b737614b05f03d4ba4df3faaa40981bb9c18828c984b98c12d56cc20377b35c309989c8f3642c08078a59bb21f7c

  • SSDEEP

    196608:7kfRhsNR830dn7RhHIcz/d5X+OAjeQwmU5D:AfwK+3HzzVdF0eV5

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      GREGUM RP.exe

    • Size

      8.5MB

    • MD5

      f0283045ebe61c29a7297578891e88f8

    • SHA1

      9d82c3bf276aa7f2dfad18081994cde34dd4e1bc

    • SHA256

      c56a975a6d250f3205cf48ea777e2aa46a1d6a785b98d2a1646c7c5ae43b498f

    • SHA512

      9e8285e606134eaa894cb604a4922ebef914b737614b05f03d4ba4df3faaa40981bb9c18828c984b98c12d56cc20377b35c309989c8f3642c08078a59bb21f7c

    • SSDEEP

      196608:7kfRhsNR830dn7RhHIcz/d5X+OAjeQwmU5D:AfwK+3HzzVdF0eV5

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks