Overview

overview

9

Static

static

1

userassist-toI_1.exe

windows10-1703-x64

9

userassist-toI_1.exe

windows10-2004-x64

9

userassist-toI_1.exe

windows11-21h2-x64

9

Resubmissions

09/09/2024, 00:38

240909-azhmystarn 9

09/09/2024, 00:37

240909-aygn9sware 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    userassist-toI_1.exe

  • Size

    13.7MB

  • Sample

    240909-azhmystarn

  • MD5

    628fdbd91cb97bb98719319f33906898

  • SHA1

    e02e7c3327e7afef2d3150777247103e397f9c2d

  • SHA256

    fb0902eee42d919696c4f445165b1837b8274c9505ebd916fc820e63e9b1202e

  • SHA512

    13ffa44b52c21bd6b8fbbcf6e5a9db9056af57708dc0c31a47eb6a188305614fb39f756733423af8dd0a576465399ee0aa6cb91335c639f4e350b91dba7512fc

  • SSDEEP

    196608:n00qhHwIhDVxi6b++Hsw+47fw26PtFCu:jq+se6b++Hz+47fwDo

Score
9/10
evasiontrojan

Malware Config

Targets

    • Target

      userassist-toI_1.exe

    • Size

      13.7MB

    • MD5

      628fdbd91cb97bb98719319f33906898

    • SHA1

      e02e7c3327e7afef2d3150777247103e397f9c2d

    • SHA256

      fb0902eee42d919696c4f445165b1837b8274c9505ebd916fc820e63e9b1202e

    • SHA512

      13ffa44b52c21bd6b8fbbcf6e5a9db9056af57708dc0c31a47eb6a188305614fb39f756733423af8dd0a576465399ee0aa6cb91335c639f4e350b91dba7512fc

    • SSDEEP

      196608:n00qhHwIhDVxi6b++Hsw+47fw26PtFCu:jq+se6b++Hz+47fwDo

    Score
    9/10
    evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks