Overview

overview

9

Static

static

7

Client_protected.exe

windows7-x64

9

Client_protected.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Client_protected.exe

  • Size

    3.8MB

  • Sample

    240909-a862xawepb

  • MD5

    409f67161fe67ab685d889941c1f3754

  • SHA1

    8a7e3ef00d88e0ae81eeb8b4d327fe3fa6021bff

  • SHA256

    a6bab94f002d8013a49941cd682817e5562327abb6dd9e007e6b00fbda518260

  • SHA512

    b401c0452c212e33c67d93a428d7a776e48af33f084cfdab3b336506568e4a464b3df1c3ba44fc8e62a409c8a3b3aabe4a406fa9a27dcd6792416efbf193f314

  • SSDEEP

    98304:L6Mh8+ZKjXiB6SWuw+Qnw5zTrS2K6IKUI6QmRzKU:Lt5B6SN4w5DffmMU

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Client_protected.exe

    • Size

      3.8MB

    • MD5

      409f67161fe67ab685d889941c1f3754

    • SHA1

      8a7e3ef00d88e0ae81eeb8b4d327fe3fa6021bff

    • SHA256

      a6bab94f002d8013a49941cd682817e5562327abb6dd9e007e6b00fbda518260

    • SHA512

      b401c0452c212e33c67d93a428d7a776e48af33f084cfdab3b336506568e4a464b3df1c3ba44fc8e62a409c8a3b3aabe4a406fa9a27dcd6792416efbf193f314

    • SSDEEP

      98304:L6Mh8+ZKjXiB6SWuw+Qnw5zTrS2K6IKUI6QmRzKU:Lt5B6SN4w5DffmMU

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks