Overview

overview

9

Static

static

7

31ceb9014f...01.dll

windows7-x64

9

31ceb9014f...01.dll

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    31ceb9014f0e7ba8529c6dfa625abf48a0c39120bf976094b6c33363cdfb0a01

  • Size

    3.5MB

  • Sample

    241012-rr2vaszblr

  • MD5

    25fef25074dd0749c978bf01a36965f4

  • SHA1

    67910025c3b84a8324d3ea5e1afd93fd1cd00b41

  • SHA256

    31ceb9014f0e7ba8529c6dfa625abf48a0c39120bf976094b6c33363cdfb0a01

  • SHA512

    29ea7d313597324fc32d9a0beea28f0fc7a1b0befdf8e5493637b411b6062f07b61568733ea2b1adf028b6eba830ab7de6aae0df89df05639f4bd5eb63a1305a

  • SSDEEP

    98304:VkdcixpTI1NMpnARKIJPKKz0m/uwPsMq943J5sCpP:Z2+1NMpARKuPVzpY943J5n

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      31ceb9014f0e7ba8529c6dfa625abf48a0c39120bf976094b6c33363cdfb0a01

    • Size

      3.5MB

    • MD5

      25fef25074dd0749c978bf01a36965f4

    • SHA1

      67910025c3b84a8324d3ea5e1afd93fd1cd00b41

    • SHA256

      31ceb9014f0e7ba8529c6dfa625abf48a0c39120bf976094b6c33363cdfb0a01

    • SHA512

      29ea7d313597324fc32d9a0beea28f0fc7a1b0befdf8e5493637b411b6062f07b61568733ea2b1adf028b6eba830ab7de6aae0df89df05639f4bd5eb63a1305a

    • SSDEEP

      98304:VkdcixpTI1NMpnARKIJPKKz0m/uwPsMq943J5sCpP:Z2+1NMpARKuPVzpY943J5n

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks