2038d335e18e3621f07b054f611a8042a89dae7621248c4db5048c414fbcc19a | Triage

Submit
Reports

Overview

overview

9

Static

static

7

w/Glix.exe

windows11-21h2-x64

9

w/cpr.dll

windows11-21h2-x64

1

w/libcurl.dll

windows11-21h2-x64

1

w/xxhash.dll

windows11-21h2-x64

1

w/zlib1.dll

windows11-21h2-x64

1

w/zstd.dll

windows11-21h2-x64

1

Sharing

General

Target

w(1).rar
Size

4.4MB
Sample

240630-y1ybssxenq
MD5

de4585713a9369206bbe2d63339fdce3
SHA1

0e533e5e1e476b0e454b2a334b8c4475f4defa3a
SHA256

2038d335e18e3621f07b054f611a8042a89dae7621248c4db5048c414fbcc19a
SHA512

35ab5421b31a5b751347347bddfe8cbf30e6333736c38afa02e757f66a4918d6ccbcac0c0404aae12ac33667e0202a794c3cff99897f44075e58cc58d5dfc6bb
SSDEEP

98304:BvAOO00i7P59Xzt2nevBH+IykRrZseietjLwC:BoO3jP59XztTTsoPwC

Score

9^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

w/Glix.exe

Resource

win11-20240508-en

evasion themida trojan

windows11-21h2-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

w/cpr.dll

Resource

win11-20240611-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

w/libcurl.dll

Resource

win11-20240508-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

w/xxhash.dll

Resource

win11-20240611-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

w/zlib1.dll

Resource

win11-20240419-en

windows11-21h2-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

w/zstd.dll

Resource

win11-20240508-en

windows11-21h2-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  w/Glix.exe
- Size
  
  3.8MB
- MD5
  
  045f740def841f8d26ccfbfe817875f9
- SHA1
  
  db2bdafff4932acca4c7ad606b1d7d4c47d6d0da
- SHA256
  
  e08cdc72c6a80a83a6ef55e23c4b89095470ef3eab91e99a8a5ff9e1aabf69c3
- SHA512
  
  d9a3fd84e9338e1b89559bbcb0ff3acc139b555614771e47a62ad9982c9a793c336a9fef82a330b58cd041b1a105eb33b753a2232bcf81d308068e35042a7d5f
- SSDEEP
  
  98304:bvUzB93cgv7DjQ/uhu1pLVaszNYdHjfdIzsYNIKZrXJcO:Al9cgUOurRasJYdfdIo0I8rXeO
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  w/cpr.dll
- Size
  
  538KB
- MD5
  
  11a8d39fbb43da427957e87c0da6422e
- SHA1
  
  0b6c928ad9010c6665637dbb51718eeb324efd20
- SHA256
  
  15c04c6b7261984e1a66a08d6ce2ac1b5d353d9709a0b7d79a0ac0f866fc6300
- SHA512
  
  686575e811af4e4730b726d1a5f7793a8a3518f7adf015bff88dda5ec215488de78d75585405ec0d2d9639964fb8df8c78ab6c4bfd7dd0cf34ad2fc1c6d6820d
- SSDEEP
  
  3072:3iL5Ia+j82tKqAPKk/k6/LGiGC3FOnrXRLbtxUxUJoXipxaJ6Fae1H7nM/:Y+YR/k6TG7CgBLxxbeXIaJsDH7n0
Score

1^/10
behavioral2
- Target
  
  w/libcurl.dll
- Size
  
  522KB
- MD5
  
  810069154354544376983e47506ef7de
- SHA1
  
  36d0b270b3b20ebb68e0671626e5d82d8e60d5ae
- SHA256
  
  88fceef289646eb8d44a8aa9685a747799d479f72b50d2c7a3a672a66b6742d4
- SHA512
  
  dd46ef90163e1fa5f124e7757e6e9eb8b9822c51b9d6b5fabda7a3168f4b2c85a904594128dd29a84aaceb20856c1732c0aaed9db80032402e41106a3e5de460
- SSDEEP
  
  12288:UY7DfTvHmlv4DHQQnbBzXU5obh/Xarj7+9EuG9:UGfjmlv2nnVzX11Xsy9EB9
Score

1^/10
behavioral3
- Target
  
  w/xxhash.dll
- Size
  
  45KB
- MD5
  
  38a87bff4aea9e595ede175f6b734f8a
- SHA1
  
  ea0bc25292f730fea597c57a5b105023d5a286a6
- SHA256
  
  e41c7830b6b26a9215078972657b0d789b74f9befbc30b50057ba0b4fd9539d4
- SHA512
  
  c44653ddea051f2e776ee5af67d3343405b4083bef4a596c277a2b1e37651e2607e694eb19db819d5ab6ba20cdd3c6435fcf55d2aecf08a978c0a74c33c4167a
- SSDEEP
  
  768:/9otvM7DZ1LMDJdj+LVvgFlJus4zBYNXK3QDV:/9UEDLMDJxKM0sceXKA
Score

1^/10
behavioral4
- Target
  
  w/zlib1.dll
- Size
  
  87KB
- MD5
  
  3b5256a2a65c59d4f2d45c28a55996ec
- SHA1
  
  3fadc1fb82664376b2f255986352594c82c85097
- SHA256
  
  7eb9e3f677b38e0c34f29d2814b9aa471f242931cfefaa98deed77a1171721a4
- SHA512
  
  af5be3361267910ee518f262daa48df829b40a922d61c9dd079901cb361fb73b148de46b8067fc43509a750a30a149e9688d4ebdfa4514cd8779198b6c43565b
- SSDEEP
  
  1536:w7AjHHWMmn17hkzjEpzkEWtR6l9RFIOcIOsbX/FhZZD:wsjH2Mm10jEpA6vRPSsbX/TZZD
Score

1^/10
behavioral5
- Target
  
  w/zstd.dll
- Size
  
  634KB
- MD5
  
  eb8b280cbdf96296a4d02cdf33c5af07
- SHA1
  
  5d79020ea116a0fd40e5c97c9a828ac536a61c77
- SHA256
  
  e375ac00701cced00c6a126da7774c674a5577d02fba54670db67ba5216b9655
- SHA512
  
  5aceecb6a8b4b4ee13fb6057f591c6c4b56a1148e28927191d2152b48c72462f3bdba734319e463afb141c20b3a134fd518c44a1093ff40485d3674a12119ee4
- SSDEEP
  
  12288:qilExK/S1adDEh1qMkUFZe8/pJcOAAqqlI:qilEb1adDEh1qMkYZe8/pJxAAllI
Score

1^/10
behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

© 2018-2024

Terms | Privacy