0865bf46e738d3a7261f2ceb2062b4954cdb776e01cac642797a4899388ea991 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

0865bf46e7...91.exe

windows7-x64

9

0865bf46e7...91.exe

windows10-2004-x64

9

Sharing

General

Target

0865bf46e738d3a7261f2ceb2062b4954cdb776e01cac642797a4899388ea991
Size

12.9MB
Sample

240911-l2hxaatgmn
MD5

c654577b8106ce14eb8c8030e63f4211
SHA1

b07f1c34f6da6255a71569812bb14d3f33e6a647
SHA256

0865bf46e738d3a7261f2ceb2062b4954cdb776e01cac642797a4899388ea991
SHA512

9c5fde7e1fc33a65a573d235a2d182fef63f11320b632f498e6a0a5ce3eea797b8dbcfb6427822785f759a788b099b5ca21dd247519ae45b6037a510b3b592fb
SSDEEP

393216:2g+i2FEIhcjMLB12oHRw+W9GXMUrNcfMlGp0:ZSEscwV12oxHHJrep0

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0865bf46e738d3a7261f2ceb2062b4954cdb776e01cac642797a4899388ea991.exe

Resource

win7-20240903-en

evasion themida trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0865bf46e738d3a7261f2ceb2062b4954cdb776e01cac642797a4899388ea991.exe

Resource

win10v2004-20240802-en

evasion themida trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  0865bf46e738d3a7261f2ceb2062b4954cdb776e01cac642797a4899388ea991
- Size
  
  12.9MB
- MD5
  
  c654577b8106ce14eb8c8030e63f4211
- SHA1
  
  b07f1c34f6da6255a71569812bb14d3f33e6a647
- SHA256
  
  0865bf46e738d3a7261f2ceb2062b4954cdb776e01cac642797a4899388ea991
- SHA512
  
  9c5fde7e1fc33a65a573d235a2d182fef63f11320b632f498e6a0a5ce3eea797b8dbcfb6427822785f759a788b099b5ca21dd247519ae45b6037a510b3b592fb
- SSDEEP
  
  393216:2g+i2FEIhcjMLB12oHRw+W9GXMUrNcfMlGp0:ZSEscwV12oxHHJrep0
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2024

Terms | Privacy