Overview

overview

9

Static

static

7

d35c0deea9...7e.exe

windows7-x64

9

d35c0deea9...7e.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    d35c0deea9e09e8f9b5d5eae1893017f5cbb410e13fbc4c7675bb34d096a697e

  • Size

    13.8MB

  • Sample

    241004-sqjg1a1erq

  • MD5

    e09712e72d18119a93f4cd44c5bb8442

  • SHA1

    48b01f50437e0f605343e687dad1ad2d3d293358

  • SHA256

    d35c0deea9e09e8f9b5d5eae1893017f5cbb410e13fbc4c7675bb34d096a697e

  • SHA512

    cc1bbc4ea4ef84a3c9c7474792c70cbd311710a86e329c2bd78c3e6b0e38653b29e5e6a79d26f0b7440ab469d88b5114d673675afa1766dc359df4cb7d89faa9

  • SSDEEP

    196608:EMebmM5R/eQyYKKHi1w9VhTxbAQ5owejuJDUX47dwdW06aw2cPaMBfQ0W8/La+YZ:E7bvpFK0iuVFxCaUX47d4Saw2CW8naD

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      d35c0deea9e09e8f9b5d5eae1893017f5cbb410e13fbc4c7675bb34d096a697e

    • Size

      13.8MB

    • MD5

      e09712e72d18119a93f4cd44c5bb8442

    • SHA1

      48b01f50437e0f605343e687dad1ad2d3d293358

    • SHA256

      d35c0deea9e09e8f9b5d5eae1893017f5cbb410e13fbc4c7675bb34d096a697e

    • SHA512

      cc1bbc4ea4ef84a3c9c7474792c70cbd311710a86e329c2bd78c3e6b0e38653b29e5e6a79d26f0b7440ab469d88b5114d673675afa1766dc359df4cb7d89faa9

    • SSDEEP

      196608:EMebmM5R/eQyYKKHi1w9VhTxbAQ5owejuJDUX47dwdW06aw2cPaMBfQ0W8/La+YZ:E7bvpFK0iuVFxCaUX47d4Saw2CW8naD

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks