f41d12d5b736a82f4c53e3c3f242560dfd800a24076186399dd695f3b493184b | Triage

Submit
Reports

Overview

overview

9

Static

static

7

bootstrap_win.exe

windows10-2004-x64

9

Resubmissions

04/09/2024, 17:40

240904-v85jasthkj 9

04/09/2024, 17:32

240904-v4e3vavhkh 9

04/09/2024, 17:24

240904-vyq8xstgjr 9

Sharing

Copy URL Twitter E-mail

General

Target

bootstrap_win.exe
Size

8.4MB
Sample

240904-v4e3vavhkh
MD5

94bb92418bf395fa8d5ac86ab036f121
SHA1

2a62229615d627cd225a783079caff4f22f4005a
SHA256

f41d12d5b736a82f4c53e3c3f242560dfd800a24076186399dd695f3b493184b
SHA512

7205e4e6a67f2685669bb2262e6f3c459978e20bf80497714d1b67ede1731b92c0ed067181c703ee8cd43bf9d5780469eda00706f4b96dfc7ba18bbc688f099e
SSDEEP

196608:dDHArnQmQ6ikz8BnfVamqeDR9Loa8S/qErUfN40v62U+MG:tiVQ6inNqeDR9ca7SErUfJy2Uo

Score

9^/10

discovery evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bootstrap_win.exe

Resource

win10v2004-20240802-en

discovery evasion themida trojan

windows10-2004-x64

15 signatures

1800 seconds

Malware Config

Targets

- Target
  
  bootstrap_win.exe
- Size
  
  8.4MB
- MD5
  
  94bb92418bf395fa8d5ac86ab036f121
- SHA1
  
  2a62229615d627cd225a783079caff4f22f4005a
- SHA256
  
  f41d12d5b736a82f4c53e3c3f242560dfd800a24076186399dd695f3b493184b
- SHA512
  
  7205e4e6a67f2685669bb2262e6f3c459978e20bf80497714d1b67ede1731b92c0ed067181c703ee8cd43bf9d5780469eda00706f4b96dfc7ba18bbc688f099e
- SSDEEP
  
  196608:dDHArnQmQ6ikz8BnfVamqeDR9Loa8S/qErUfN40v62U+MG:tiVQ6inNqeDR9ca7SErUfJy2Uo
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy