Overview

overview

9

Static

static

7

Krucus.exe

windows7-x64

9

Krucus.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Krucus.exe

  • Size

    6.0MB

  • Sample

    240818-yy7gpasarh

  • MD5

    a938b80e92920a073e68879980beb3e0

  • SHA1

    8d94699b8f59e195a8ffa65073e9bd7ccf7b8f16

  • SHA256

    c399ba79f6878bf36707de5c00ba82f31b06514f3224318fc78f8a71d6892c44

  • SHA512

    9fa1a6e9d80257e462c04e1ecb03e705870d4587f579c30950792b87d6f60d9555c0a7f41407a836c82d169c3f2bdadf51e327335a569e1c55820b3a59aaaa68

  • SSDEEP

    98304:HtAw0DPvjjNUsiLiIwqqowdDAXP9R2vDWgNGt93jkAe+C1vfBz0YTXKYFTsss5y:KbDPfNUAtqqti/9IvDWdpeV1nBz0YTHH

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Targets

    • Target

      Krucus.exe

    • Size

      6.0MB

    • MD5

      a938b80e92920a073e68879980beb3e0

    • SHA1

      8d94699b8f59e195a8ffa65073e9bd7ccf7b8f16

    • SHA256

      c399ba79f6878bf36707de5c00ba82f31b06514f3224318fc78f8a71d6892c44

    • SHA512

      9fa1a6e9d80257e462c04e1ecb03e705870d4587f579c30950792b87d6f60d9555c0a7f41407a836c82d169c3f2bdadf51e327335a569e1c55820b3a59aaaa68

    • SSDEEP

      98304:HtAw0DPvjjNUsiLiIwqqowdDAXP9R2vDWgNGt93jkAe+C1vfBz0YTXKYFTsss5y:KbDPfNUAtqqti/9IvDWdpeV1nBz0YTHH

    Score
    9/10
    discoveryevasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks