1f1ddc20096c43e99ffd65e87c6ecf2bbe3a63cb1f450d78f06fca689f6c6de1

General

Target

bandicam_7.1.3.2456.zip
Size

28.6MB
Sample

240819-llp1nawgrg
MD5

a9a5a97d50d70233e1dc71b860321b41
SHA1

be4d8cb7333078abd939e1cf7cf35389e57a62dd
SHA256

1f1ddc20096c43e99ffd65e87c6ecf2bbe3a63cb1f450d78f06fca689f6c6de1
SHA512

a56d9f39640a6bfaeed9e3c52c62b1395f61a298cbf80d269e5e35a17d0c54be3c6693455cad9641502906c42679b5f43655924a250743de4029b54d8f7230bf
SSDEEP

786432:Z0NI4ji3Z6si4c5ChLdFgq0S9dY5JlKna0qTymM158lIN:d4jiIB55ChLdFJ0S9dSIeImlIN

Score

9^/10

Malware Config

Targets

- Target
  
  Bandicam 7.1.3.2456.exe
- Size
  
  28.6MB
- MD5
  
  c5b8907b4407dc5f86b1b300a799d007
- SHA1
  
  4883f42ed8c7aa16b05eb6ac5469a90b821092ce
- SHA256
  
  97391204d97cc1bdbdacd6e51655e7c6070b03c4d093baaeacf315bf8d04976b
- SHA512
  
  029e39e0c1a1f8a3e340c119429eec9b08d49c2d6ecbe8a158c0669af09e7c38a164778bb3c5c4133c2624543ba5acf2687c681f01c6d1fa563a5cff4399c95a
- SSDEEP
  
  786432:rjqKjScDomVyOH1k0QwA5oTLrDQAGUvt4Nr7MF0uyfAwCbVyZIf:6KjSte61D5oTLrDpGUvt4qe4EZIf
Score

9^/10

discovery evasion persistence privilege_escalation themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Modifies Windows Firewall
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  _Silent Install.cmd
- Size
  
  1KB
- MD5
  
  b9d72086ac8f11b3a2d57a6ee81e290e
- SHA1
  
  2f8526cbd5cd5bacae5c32f76b922b14e95c5ab2
- SHA256
  
  57d55d67bc6768b452345130da7dc2c063b94c92b7ecb3afe1efde0404f53f8a
- SHA512
  
  72cda059f8cb02a0962250c6cf43c5e95bfd6cd7f771d904f950799162bd0af881aee5fbed8cc91da6d8326033c89a96005bc5a3756bdee181b4594bf7fa7612
Score

9^/10

discovery evasion persistence privilege_escalation themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Modifies Windows Firewall
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  _Unpack Portable.cmd
- Size
  
  1KB
- MD5
  
  8c7898906ebb31f46601033bbd774c8d
- SHA1
  
  aa2d0f6dfdfd95313cae05a9ecee6c778842273a
- SHA256
  
  5869eddebf01cad116d867b048702043fb3c32c2091322425cdbd8bad9a7ce95
- SHA512
  
  6ff8cfdc8a7d884fd599ce862ef13393db1ec63723be7ec8ab47fd2feed74918a5b16ce101f52b87491b804b226b50618ab0d0374c50d7e2907108432c1b3e5b
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6