Overview

overview

9

Static

static

7

veax_protected.exe

windows7-x64

9

veax_protected.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    veax_protected.exe

  • Size

    3.8MB

  • Sample

    240630-3ws9hasgpj

  • MD5

    386428b81e1a52e63f688e9ed323d066

  • SHA1

    bd94ce6bd113d2f1b69af81244b268fda9d99160

  • SHA256

    91bd58996da4433a6ce296547bea69861478b653117315831bfd825b2e4e0d3a

  • SHA512

    d5b0d98a981f7ee2571ed2b4ed3932c71c0629676e9bbb7e3e457a347f029f1abe43b951c7e9430f0afc9f06bc886f28b198a828a837a2fd98fe5758ae35f15a

  • SSDEEP

    49152:tI7WUD3/Bu/mJiKNUyGy8lPO3dpFwvq8zZ9TMit9nXIALJ95Z+0dVgBreCdz3xo2:tuvJiAGytb8Xpt9ICJ95BdVgJ1CH7Glj

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      veax_protected.exe

    • Size

      3.8MB

    • MD5

      386428b81e1a52e63f688e9ed323d066

    • SHA1

      bd94ce6bd113d2f1b69af81244b268fda9d99160

    • SHA256

      91bd58996da4433a6ce296547bea69861478b653117315831bfd825b2e4e0d3a

    • SHA512

      d5b0d98a981f7ee2571ed2b4ed3932c71c0629676e9bbb7e3e457a347f029f1abe43b951c7e9430f0afc9f06bc886f28b198a828a837a2fd98fe5758ae35f15a

    • SSDEEP

      49152:tI7WUD3/Bu/mJiKNUyGy8lPO3dpFwvq8zZ9TMit9nXIALJ95Z+0dVgBreCdz3xo2:tuvJiAGytb8Xpt9ICJ95BdVgJ1CH7Glj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks