Overview

overview

9

Static

static

7

XGmod_protected.exe

windows7-x64

9

XGmod_protected.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XGmod_protected.exe

  • Size

    3.6MB

  • Sample

    240806-pqnj6stala

  • MD5

    53bb09098a0f35afd8951d594d37e1a6

  • SHA1

    e19dc2887cbad0fb97abe7d4c394495b1ce1c4df

  • SHA256

    3696820d4d0db89876d5baaa8c90c1973335dea5476883a7e9fd604bdc83335d

  • SHA512

    244f1a988c99f2abf143e07c62a580e7938be4ac1d7447baf8bcd257fb25c63b60c75d5121912d3c046b5c02a8248f97450466047ba51e273a3139b99497f80b

  • SSDEEP

    98304:6TJfjwyO1RJPDF4EkO39eeGJeAPOX8tAXCus2Fy5P:6Ttjter4O9eXRmX3XCus2G

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Targets

    • Target

      XGmod_protected.exe

    • Size

      3.6MB

    • MD5

      53bb09098a0f35afd8951d594d37e1a6

    • SHA1

      e19dc2887cbad0fb97abe7d4c394495b1ce1c4df

    • SHA256

      3696820d4d0db89876d5baaa8c90c1973335dea5476883a7e9fd604bdc83335d

    • SHA512

      244f1a988c99f2abf143e07c62a580e7938be4ac1d7447baf8bcd257fb25c63b60c75d5121912d3c046b5c02a8248f97450466047ba51e273a3139b99497f80b

    • SSDEEP

      98304:6TJfjwyO1RJPDF4EkO39eeGJeAPOX8tAXCus2Fy5P:6Ttjter4O9eXRmX3XCus2G

    Score
    9/10
    discoveryevasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks