85a8fb1a3141fdca3588330bd8945a8775af26f0a145ed61e68bcd351915b25a | Triage

Submit
Reports

Overview

overview

9

Static

static

7

loader.exe

windows7-x64

9

loader.exe

windows10-2004-x64

9

Sharing

General

Target

loader.exe
Size

18.8MB
Sample

241123-vbeavavjdj
MD5

8bba02b9071196c8b1681eb086e699b3
SHA1

adc78b8c976c3e9f52f57c760b3047e3c91fb389
SHA256

85a8fb1a3141fdca3588330bd8945a8775af26f0a145ed61e68bcd351915b25a
SHA512

06aa6c03a256489039276ee091ef346112ad7a225b97fac803f8288f927a65fc68d7f3421c3e8bf9d82236d6805688d40a5ba5bce2ea61821867edccebbc3436
SSDEEP

393216:MxsYJZy/ER2j9dkgZ3lNQdTVng6//XWIDCF/BilP+U7AY5zE3qsw5:MxDy/ZrQFVnZ3XWQCNBil2U7AY5zEu

Score

9^/10

evasion persistence privilege_escalation themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

loader.exe

Resource

win7-20240903-en

evasion persistence privilege_escalation themida trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

loader.exe

Resource

win10v2004-20241007-en

evasion persistence privilege_escalation themida trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  loader.exe
- Size
  
  18.8MB
- MD5
  
  8bba02b9071196c8b1681eb086e699b3
- SHA1
  
  adc78b8c976c3e9f52f57c760b3047e3c91fb389
- SHA256
  
  85a8fb1a3141fdca3588330bd8945a8775af26f0a145ed61e68bcd351915b25a
- SHA512
  
  06aa6c03a256489039276ee091ef346112ad7a225b97fac803f8288f927a65fc68d7f3421c3e8bf9d82236d6805688d40a5ba5bce2ea61821867edccebbc3436
- SSDEEP
  
  393216:MxsYJZy/ER2j9dkgZ3lNQdTVng6//XWIDCF/BilP+U7AY5zE3qsw5:MxDy/ZrQFVnZ3XWQCNBil2U7AY5zEu
Score

9^/10

evasion persistence privilege_escalation themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceprivilege_escalationthemidatrojan

behavioral2

evasionpersistenceprivilege_escalationthemidatrojan

© 2018-2024

Terms | Privacy