c41f4ce82bf89bf2210c0e35fc97bbf87e04f7ba4736ad8a138d64ffa2419493

General

Target

pkg.7z
Size

7.6MB
Sample

240925-ewtm9sxglh
MD5

90e6595e664adafe264e009ebe87b7c1
SHA1

fa642cd1929f4d283ba60b408234acc65e68392d
SHA256

c41f4ce82bf89bf2210c0e35fc97bbf87e04f7ba4736ad8a138d64ffa2419493
SHA512

933f72d92d315562de680cd0a214cec2f8c838196e7c19ce9f0e31c2d41474fcf4ff5b1bded7b73156fee1608de052485b545950d3278e8b58067258e4717f5c
SSDEEP

196608:eMHu5Q+X7dKL4uorVGpFZMuT3Vqcntvmj:XO5bKLesPKuDVqcVmj

Score

9^/10

Malware Config

Targets

- Target
  
  cli_gui.exe
- Size
  
  3.1MB
- MD5
  
  958d97f6f303d7590e392ec220d68c71
- SHA1
  
  590d31d85b55cd7ea1aff39e0bb87e8e6ce91234
- SHA256
  
  a97a34b970e15645f5a33cac0e8f901e08413cc270e1f05803391e76573061b2
- SHA512
  
  9a4abb717e028d62bf682183aa7aaf225a2d31edbdac076b961f533d6f309a9d8fff202d9296d1e4dbc1f065baa774c198ef6b14957aa22d75fe16f9f4345766
- SSDEEP
  
  98304:7q/lYTQKc1N8TNaO6+Sxguoz+O+cg4k8cB:7q90O1WY3quoar/4JcB
Score

9^/10

evasion execution themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  cs2.exe
- Size
  
  283KB
- MD5
  
  8a2122e8162dbef04694b9c3e0b6cdee
- SHA1
  
  f1efb0fddc156e4c61c5f78a54700e4e7984d55d
- SHA256
  
  b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450
- SHA512
  
  99e784141193275d4364ba1b8762b07cc150ca3cb7e9aa1d4386ba1fa87e073d0500e61572f8d1b071f2faa2a51bb123e12d9d07054b59a1a2fd768ad9f24397
- SSDEEP
  
  6144:k4WA1B9BxDfQWKORSqY4zOcmpdlc3gJdmtolSm:H1BhkWvSqY4zvmjOwJIT
Score

1^/10
behavioral3
- Target
  
  syscfg.cfg
- Size
  
  4.4MB
- MD5
  
  05d97df4a0a9d9a0deb77962b078f2c4
- SHA1
  
  1e567968b02cb186db581c1e0578d2172310aa35
- SHA256
  
  be09f9622ce35837ed44504987dc0529a9c482a8c2dd4afcb0f0edbb51039897
- SHA512
  
  710d17955b6a61bbaccc8155d7aea47890bfe2b9165c612b878a1b45382e0a2315c4a5599f5475da662b65e6c7f1306f2becc48877816f99945c357f12180c2f
- SSDEEP
  
  98304:/wiJWxaUYlvqWvphL8qYVf42HXrgEM8viMLbojB5:/wiFqwvOfTHbLpHojB5
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral4 behavioral5