Overview

overview

10

Static

static

7

HWID TEMP.exe

windows7-x64

10

HWID TEMP.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HWID TEMP.exe

  • Size

    8.4MB

  • Sample

    250205-vqha2swlbt

  • MD5

    66f16eba29538513e9b9192af99cd04e

  • SHA1

    f78cb4b0ecdbe6829475398e656d1108972dfd4b

  • SHA256

    39f5d98b2310076f0a7cd2e6cbe361a56159b64f0e3111fa3944de00f3201548

  • SHA512

    35262d75eb31552715b85f27c4010a5b9bfd6e75a738891b22b7ae267fe1fedd6db25b20a8ec82ec3fa67a4e80bb87d2af70fba160a39e15fdc66a46e49b9d54

  • SSDEEP

    98304:c00DreqqJSyFHc5FvRS7f6h6IiIfz0hca/hTNXR+h7z9lpF0/ycoa:c00JqJtc5p4fgAIfghPYhVLF0

Score
10/10
elysiumstealerdefense_evasiondiscoverystealerthemidatrojan

Malware Config

Targets

    • Target

      HWID TEMP.exe

    • Size

      8.4MB

    • MD5

      66f16eba29538513e9b9192af99cd04e

    • SHA1

      f78cb4b0ecdbe6829475398e656d1108972dfd4b

    • SHA256

      39f5d98b2310076f0a7cd2e6cbe361a56159b64f0e3111fa3944de00f3201548

    • SHA512

      35262d75eb31552715b85f27c4010a5b9bfd6e75a738891b22b7ae267fe1fedd6db25b20a8ec82ec3fa67a4e80bb87d2af70fba160a39e15fdc66a46e49b9d54

    • SSDEEP

      98304:c00DreqqJSyFHc5FvRS7f6h6IiIfz0hca/hTNXR+h7z9lpF0/ycoa:c00JqJtc5p4fgAIfghPYhVLF0

    Score
    10/10
    elysiumstealerdefense_evasiondiscoverystealerthemidatrojan

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

      stealerelysiumstealer

    • ElysiumStealer Support DLL

    • Elysiumstealer family

      elysiumstealer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Looks for VirtualBox Guest Additions in registry

      defense_evasion

    • Looks for VMWare Tools registry key

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks