48f7fbe3cb26ad15725dea3facde3fd49e0708c59e35a0752bf7dc39a84ea4ce

General

Target

privtoolscringeasfnamecracked.zip
Size

42.9MB
Sample

240823-1rq78s1dmq
MD5

59daa83e0f9a4ff754e7aeadb1356ce1
SHA1

a95d200c49572dc766a975c6df411c32b3c009a5
SHA256

48f7fbe3cb26ad15725dea3facde3fd49e0708c59e35a0752bf7dc39a84ea4ce
SHA512

c2325aed9074addfc406b559d7d7f6b628f7092d9c4a732146d80eb3a648ef3c2af0e60e5ef5bdb437b9ba22c3deae60dc014b57eeb4d7ed204959a1b59062c0
SSDEEP

786432:d/IOVz164uUCSBYhoiN3m6/4dl37+ErvnLOOtN+:VVcSp5Q3TWl3PrzW

Score

9^/10

Malware Config

Targets

- Target
  
  crack.dll
- Size
  
  2.3MB
- MD5
  
  36e6e177248684cd8910b736b8a53bf8
- SHA1
  
  c139c6dee245e18fea12c5b5c15d3b14580c718e
- SHA256
  
  80f1508a454aca11f7012f47c497b25d848b6f803417f194eb8a340a35d98020
- SHA512
  
  910a88307878cabf052a061887a82c6ac5382ffe87dd60a7576e90e8807f84fe73e6670db5ab0f27736cfb18338278babaae2e5d02bdd038c14c63ffc7ebe45a
- SSDEEP
  
  49152:AB5FQmkom+KbxROsCZvYCYyhWefdmjLdGGf:Zom+Kb4vYCYyBfdmjLdGGf
Score

1^/10
behavioral1 behavioral2
- Target
  
  loader.exe
- Size
  
  5.3MB
- MD5
  
  8106fe1bba482da9cf1436a1fac73230
- SHA1
  
  2eea03f71155c437875d00a9c8de052689dcb824
- SHA256
  
  c5e0a4e8bcb73aa7b6da814ac986d07836f87aa70af84620087eaa8ccb680ff7
- SHA512
  
  a98e7452ecbf0a4493da4d471b719f5c2e88d0526a9b1a9ac7ed3eda1c131401184c425f3b858d588e2b75d5747e47671e7a4d2f04c8071d847f9721dc19bdad
- SSDEEP
  
  98304:9QROUfH/3HV6K1eiTzW2H0P2U9HenTueByxs0oahbG6IfDMMllqg7:9QvfflRLUPBenTuMyxs0oejIfDMgln7
Score

9^/10

evasion themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  privatools.exe
- Size
  
  37.9MB
- MD5
  
  45f5f568b7ee52fa38c7683d7948ba4c
- SHA1
  
  d9c0676464a89f002bf34d26547fa47df2bc9132
- SHA256
  
  95c3197b3d1c6161cae995ad4580124d26d7025b809b99ac1c1180a103fa1ec0
- SHA512
  
  ad1b04de3aa5354d06efd51e1006330a526b2aa4be9b335fea3a083e69a434a732b52a983633c3effb0c08484c78b58006da6cc0783a5591e9419621b8071d8f
- SSDEEP
  
  786432:4WQtskXCcDlS9cQEWhhQCLL/JdCjUEzjLxi0xpQFu4QBWaFuJR8:rQtBXyOQJbF/+LzjLxi0PQw4QBz
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

Themida packer

Suspicious use of NtSetInformationThreadHideFromDebugger

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Loads dropped DLL

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6