General

  • Target: sc3mzzQ.rar
  • Size: 25.2MB
  • Sample: 241123-qa43navpcw
  • MD5: d9a0757e2192d5028bb04a12deca8624
  • SHA1: bdd8be823dfcce02dc574a75948a483b0eb815c4
  • SHA256: 2c8fbaab0bb4085632595ab9224c9501cb9b6a0ff65290b4fb05bed13f005353
  • SHA512: 4a30aa59ea03a412246a4925a4ec1f0d44f1720515c551986407fe3692dc97854e1ff3690c7198180ba28020273a2286f538e06baef7fb0eed52e7b7f9b5ca7c
  • SSDEEP: 786432:FX3IykdtyPUvhBIYLQs6ThcSSpm/bsLH6d:lIyeQP2DLQUSkm/o7C

Malware Config

Targets

    • Target: yerex.exe
    • Size: 25.2MB
    • MD5: 0bbb4624436007933ff6dc22b1820f18
    • SHA1: b7733a8d52b60a0909ecc45237a3679354220908
    • SHA256: 98cb3e01c7990a6222f387adda3a1e3c4316d7b68f3da250dc6754ee0086c6cc
    • SHA512: 6a7161030b49374c5c46f37ea12f82d2500ca76f10e9abeeb2a55421385d075e771c3ff4a74ed35f01b6d0c651f5e51dcf63fe0db9a40196225db335e3e07cd3
    • SSDEEP: 786432:xhnEKv3rAKZaCdT0kjZeVBy7DbWF1snuI/kaJ4dHA:vnNvrXTmFKn//kax

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Executes dropped EXE
    • Loads dropped DLL
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks