Overview

overview

9

Static

static

3

2024-10-12...uk.exe

windows7-x64

7

2024-10-12...uk.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-10-12_5ad9fe00b00d88ea1c19db90201c3316_cobalt-strike_ryuk

  • Size

    19.8MB

  • Sample

    241012-q9b6xstfjg

  • MD5

    5ad9fe00b00d88ea1c19db90201c3316

  • SHA1

    8b13e08227df7372523a5d838d1cf5df8f061075

  • SHA256

    6d686bac9ed3e98d54854ada9b250df0c4c9fe58c2c1ad4d7dfe428aa050ca47

  • SHA512

    132105a68263ee26005f9b40f668503435c7dbfcf425853e8516f58d3d9c1a2e70f5e5ea86e32226bc322b81190a255f557f853506c20251832d41807d1f2954

  • SSDEEP

    393216:QVysdnvx9Uxe58YqyXcubo/I2BCy2VhTvxg5Xu:Q0ax9Ug8DGogqgPTpgh

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      2024-10-12_5ad9fe00b00d88ea1c19db90201c3316_cobalt-strike_ryuk

    • Size

      19.8MB

    • MD5

      5ad9fe00b00d88ea1c19db90201c3316

    • SHA1

      8b13e08227df7372523a5d838d1cf5df8f061075

    • SHA256

      6d686bac9ed3e98d54854ada9b250df0c4c9fe58c2c1ad4d7dfe428aa050ca47

    • SHA512

      132105a68263ee26005f9b40f668503435c7dbfcf425853e8516f58d3d9c1a2e70f5e5ea86e32226bc322b81190a255f557f853506c20251832d41807d1f2954

    • SSDEEP

      393216:QVysdnvx9Uxe58YqyXcubo/I2BCy2VhTvxg5Xu:Q0ax9Ug8DGogqgPTpgh

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks