Overview

overview

9

Static

static

7

LithiumLite.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LithiumLite.exe

  • Size

    3.7MB

  • Sample

    241123-y3xs2s1kgm

  • MD5

    2d1c1c911130b38a59889a43a3aa84cd

  • SHA1

    7bd4c2cae027b038827d03200ded37dfacf4b9d6

  • SHA256

    67abc7abb10191e8cbb1448136764f631919540f2511dcc283e4db5fcfd31ce8

  • SHA512

    091abaa7dc9dddb5374d0cc5dd98625e067e5664717c31f94e8c3829253cdafac6df8b72299015546480a088b3500daf3b27ab67a76e1ea7831a6fcec3865318

  • SSDEEP

    98304:dp4L/P8E9sTagw10xY/mMw/uqRPdB69AgXAGt:AL/UE9yaHnw/b3IagXAI

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      LithiumLite.exe

    • Size

      3.7MB

    • MD5

      2d1c1c911130b38a59889a43a3aa84cd

    • SHA1

      7bd4c2cae027b038827d03200ded37dfacf4b9d6

    • SHA256

      67abc7abb10191e8cbb1448136764f631919540f2511dcc283e4db5fcfd31ce8

    • SHA512

      091abaa7dc9dddb5374d0cc5dd98625e067e5664717c31f94e8c3829253cdafac6df8b72299015546480a088b3500daf3b27ab67a76e1ea7831a6fcec3865318

    • SSDEEP

      98304:dp4L/P8E9sTagw10xY/mMw/uqRPdB69AgXAGt:AL/UE9yaHnw/b3IagXAI

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks