3ab9c1f01bc383094fb615086c703c426bb97c282ccb8021f558d8b0dcd9e0e5

General

Target

release7-24.rar
Size

8.1MB
Sample

240728-awasyaxcrp
MD5

55d62cbb40a5153028f6f41557dd67ea
SHA1

5a5efe03d9702ce5ca4bc9386ec150e97ca8c364
SHA256

3ab9c1f01bc383094fb615086c703c426bb97c282ccb8021f558d8b0dcd9e0e5
SHA512

1f1a6e2926b2e68c8503c3416c140a47f981582b54f2dbb3ac1c7f2cdc235362c8200b3f82bfda7dd7d221b97f5be662c3e11b12fba341182cc8c135a2947854
SSDEEP

196608:y5MdYWiWzhiHVSZgGJWxAvGUFi0gpuKLoqizxw1w3:ymdPi4h7OGJ2A+UA0gxLonzt

Score

9^/10

Malware Config

Targets

- Target
  
  release/main/cheat.exe
- Size
  
  3.9MB
- MD5
  
  15380aff6449f0207e545b40fa4fb948
- SHA1
  
  dfb0fc1996026934eeeef357ee72c575d965c5b5
- SHA256
  
  d397d30d7572b18809387e574ad39c197add6b4b3fa9b0e1e4ffc0fb5ae934a5
- SHA512
  
  9394895bc01eced18c9a62a290a4350256f080154fb52fea86b734b6416376ad6c9f2a52316badef9949a9cb7940eaf924d51b1fe7210ebf8adc5bfa0c0fd4df
- SSDEEP
  
  98304:FFcLIHEOpUcYiWnovDtVEY7tIEwbKolu9MrQBHK5vl6pMwmT405KJRv:8eEOicKnGDt12EwbKouNRK/xF5KJN
Score

9^/10

evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  release/main/loader.exe
- Size
  
  4.1MB
- MD5
  
  9ecdc9ed1bea6c226f92d740d43400b9
- SHA1
  
  b5b5066cd4284733d8c3f3d7de3ca6653091ae10
- SHA256
  
  60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
- SHA512
  
  30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
- SSDEEP
  
  98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  release/map/Map.exe
- Size
  
  416KB
- MD5
  
  36c50332466b6e921edb79ea4b240278
- SHA1
  
  5b858fb375235e7638b7cef22ca972d27ce9cacc
- SHA256
  
  0a76f7d189b368598ee017d0094a6698ffff66d0f981f85769971170ca29e042
- SHA512
  
  fbc23c9d21e9dd3fbb7eac87fcee7e9db52d6c6450402ec90a7ba43940029af00d4ab9db8f0e662f30d8f99a34326673f26051932e2ae7afcfb377d053f4cc41
- SSDEEP
  
  12288:rbNG38Jf2mCsCTyTH8+vtQ7BWD24cVLxSf0:rbNG38Jf2mCsCTMc+laBH4cVLxSf
Score

8^/10

persistence defense_evasion
- Modify Registry: Disable Windows Driver Blocklist
  Disable Windows Driver Blocklist via Registry.
  defense_evasion
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6