f445e496a05f3d45920d225dd1532c98b93b53c62358778bd68453d2c6eba877 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

f445e496a0...7N.exe

windows7-x64

9

f445e496a0...7N.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

f445e496a05f3d45920d225dd1532c98b93b53c62358778bd68453d2c6eba877N
Size

5.3MB
Sample

241002-evwfgawhnk
MD5

3e9a3c0f1e01f004e0ff669257afcd80
SHA1

9226820ebee217d76d358268269f22ad969a8f41
SHA256

f445e496a05f3d45920d225dd1532c98b93b53c62358778bd68453d2c6eba877
SHA512

f431d419f08bf3818d5252706da42dc734f3a2586f3090bacc217d25668cac0eea09124348d8bae349a656db3f951d5a262387e8b9062903faf059e72a617bb2
SSDEEP

98304:Fl6tTOYLPmZN3bo62tapuG4+fbHv15GG+plNDu/dKHqOC6:utTOKOZZ32wpuG4WbaXU/dKHJX

Score

9^/10

discovery evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f445e496a05f3d45920d225dd1532c98b93b53c62358778bd68453d2c6eba877N.exe

Resource

win7-20240704-en

discovery evasion themida trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

f445e496a05f3d45920d225dd1532c98b93b53c62358778bd68453d2c6eba877N.exe

Resource

win10v2004-20240802-en

discovery evasion themida trojan

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Targets

- Target
  
  f445e496a05f3d45920d225dd1532c98b93b53c62358778bd68453d2c6eba877N
- Size
  
  5.3MB
- MD5
  
  3e9a3c0f1e01f004e0ff669257afcd80
- SHA1
  
  9226820ebee217d76d358268269f22ad969a8f41
- SHA256
  
  f445e496a05f3d45920d225dd1532c98b93b53c62358778bd68453d2c6eba877
- SHA512
  
  f431d419f08bf3818d5252706da42dc734f3a2586f3090bacc217d25668cac0eea09124348d8bae349a656db3f951d5a262387e8b9062903faf059e72a617bb2
- SSDEEP
  
  98304:Fl6tTOYLPmZN3bo62tapuG4+fbHv15GG+plNDu/dKHqOC6:utTOKOZZ32wpuG4WbaXU/dKHJX
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

behavioral2

discoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy