2a43c2d26e4a34e67016e6ec122c70ae2851112e07d1f8798a8dcf2af87e4eed

General

Target

Hydrargyrum.zip
Size

6.9MB
Sample

250404-czay8a1jt7
MD5

e804887e3363ff2bca7941043f8a8bd4
SHA1

fdc393353a0e17c697f58364fb096e71ff374953
SHA256

2a43c2d26e4a34e67016e6ec122c70ae2851112e07d1f8798a8dcf2af87e4eed
SHA512

6856e8831107d0b41474ed2b0f046992fe84c5cb79b85ec5eaf0954744b78e3a8afad7b618405a0559c77f321d1c08c722267ae0cc8f937ccd33d158ea15ca14
SSDEEP

196608:rU1aaysD7AGOsL9bsqg0UU4t27nuy6hfSFfIodrl:IXwI9AqgPUXDuLhfGfIoX

Score

10^/10

Malware Config

Targets

- Target
  
  Hydrargyrum.exe
- Size
  
  3.7MB
- MD5
  
  a0a8391a92e6c46ab606fcd57cf4f4a4
- SHA1
  
  930e6f27b6007529edff5371a1793b36a05d76ee
- SHA256
  
  dd97db57914c2b501d6a0762ff8e1dca8f921aec80887e2d3842b399bea16571
- SHA512
  
  80798537a6c7fb585e19f399741230fed26d398bcfa17196b9e2d2de9aae1f8b0c33674113e676de390fff4cceeaea2b04976c82d5ab75f955eb51a44f90bcd7
- SSDEEP
  
  98304:mqZyM3zLdY32bVNZKCIHcF1T1S2kG6nl6A:TsAZY32PsFIsXl6
Score

10^/10

bootkit defense_evasion discovery persistence themida trojan
- Modifies WinLogon for persistence
  persistence
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  Hydrargyrum.harmless.exe
- Size
  
  3.6MB
- MD5
  
  e253841459b798a5ca861daaeb44ff5c
- SHA1
  
  9d4069fb41c3dfa9314ece82efde72d8602ce9b7
- SHA256
  
  d3b50942c8262e5bd658a3938e3218168adbfe86698a55bd02f6a94fd7afbbfe
- SHA512
  
  99d3328f52de8995467c32797ad81a8d37b93e814a535bffd617b5a8aed0a2412f1e037eb28f1d6e3777dfb1fed25429b2da2ae6dab1645dfce7cb792f9a11db
- SSDEEP
  
  49152:0hdgcpljaq6JfqRZBX8iYI9VwSUO+5+/uKLCsS7MSVQKpbfd56R0StwWkWo9Ck9B:0jpBqdqRLJZkdeSwSVQwf2x7KCKK
Score

9^/10

defense_evasion discovery themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2