General

  • Target: TFT_SERVER.exe
  • Size: 13.9MB
  • Sample: 250327-ygb98axtav
  • MD5: 367eed9cd88ac6c7b85d81640b028e74
  • SHA1: 4cb2fcc17d94065c44b8989c3cb83887059d552b
  • SHA256: b28f01c902ee902205c5fd1486983991d54f5ee90024a82e4c516eede2c46ae7
  • SHA512: cbc75068c05cbcddd9920e11aa017b0bd60cd171dd89bfa3cce4c27fdc3913e8ed9863d56b8040e2b2fcfc9e6d71ad84c2659f2a0ecc3ef21dfec5a211c582fe
  • SSDEEP: 196608:t6ST+pvtSR8WKZp3EhpLpTslFV9GeDVI5DKBWZlkgJedYs6LtYdEhqTgKDubbjY:r8p3E3pslFVkYVI5DK2NNs6LtYdEhSp

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks