General

  • Target: Aiken.rar
  • Size: 3.6MB
  • Sample: 241221-sf8dda1qax
  • MD5: 96dc175ffddcdfdf3255f214097ab5e9
  • SHA1: 2dc1e3dda1bb9b2d5c2ffacc2522d14672d7e6c8
  • SHA256: 67215362ba3caf84c2b18e75c7d3612cf1cf4136bc6f30ae713f1a7c5fb17715
  • SHA512: 0392e9d5404d3a1d00a93e692a00d8e6fff486ad75cadaabccc34a3a4b5397936b88fd4764898679f1d166937e6dd46e0b519b0e70572cf35e5b77e9f05df59c
  • SSDEEP: 49152:ZYDC/w8EkvvDSAkWxr/4n+7zyF3y+UU6iwys5Rojp50ZzNDR2qZdcu05Pl4WGhcU:AEEsNCy+UjiwsD0ZzNDRZT8PKV6RflLu

Targets

    • Target: Aiken.exe
    • Size: 3.6MB
    • MD5: 908918286f456a6514bb9428dbbbc168
    • SHA1: 5009a72abfb09220235df7e86c41540e1fb2b0cb
    • SHA256: 3acee62d98e0313325f192e8ab31d2d5323986bdc6ce17c9104bca082f0596ce
    • SHA512: 7dddfe8af1696ceace9202022b55a46926f1ac4187cf797bcde67aa98a82836760d5e2d950334b54382bf13be94ccc1ab505aee72093596bf7f652560002bab8
    • SSDEEP: 98304:X1BPJse4v3ujOnAex8TVcguqCSQKBTLOlLoAISj+lySav:FHL2+jOnAU8fuVKh2LCm

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of NtSetInformationThreadHideFromDebugger
