Overview

overview

9

Static

static

7

Scooby.exe

windows7-x64

9

Scooby.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scooby.exe

  • Size

    7.8MB

  • Sample

    241121-l2ff6a1ajh

  • MD5

    ae7fde370b3f9f9d8f85f9730fb7cb60

  • SHA1

    81f7adcb70ecdb64e163c214949b63f9da7d1e66

  • SHA256

    4fc4b28effd4a919a2c9135976641d17c349c92eb59530b142c37f900ff0e567

  • SHA512

    3bd2423aac11963e2a4f34db3881d566dc9abb12b8d4d097c15d4469de4366b7995850c23a2a2e040b424f9547b426d567d0634e2620a1885120d80eb32a706f

  • SSDEEP

    196608:TG/HEQpC4DtE0oBPd8Oq4BC0z9W2TOn3M0Q65oy9J7gb1/:T4ZpCVP/+0J63aUM/

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Scooby.exe

    • Size

      7.8MB

    • MD5

      ae7fde370b3f9f9d8f85f9730fb7cb60

    • SHA1

      81f7adcb70ecdb64e163c214949b63f9da7d1e66

    • SHA256

      4fc4b28effd4a919a2c9135976641d17c349c92eb59530b142c37f900ff0e567

    • SHA512

      3bd2423aac11963e2a4f34db3881d566dc9abb12b8d4d097c15d4469de4366b7995850c23a2a2e040b424f9547b426d567d0634e2620a1885120d80eb32a706f

    • SSDEEP

      196608:TG/HEQpC4DtE0oBPd8Oq4BC0z9W2TOn3M0Q65oy9J7gb1/:T4ZpCVP/+0J63aUM/

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks