8513ac042c987c6d67779b532018e46be4762b3a6082348c53ab49ba7ac91b5b

Sharing

Copy URL

Twitter E-mail

General

Target

c07c5d896251aa7561760651ec61b597.bin
Size

349.0MB
Sample

240701-dt53vavbrc
MD5

c07c5d896251aa7561760651ec61b597
SHA1

37c2272149718130616787ea00e2a8af06690cec
SHA256

8513ac042c987c6d67779b532018e46be4762b3a6082348c53ab49ba7ac91b5b
SHA512

a25bf9b5720881993c8ca7636390ec31d6f9948c07ebee910ad54e01aac754a4287ea515fb45cce165df794e8e338d61d32543c9ec9cadb4edf5212f71e61203
SSDEEP

6291456:xKMOlsABtDpX/VKqtp0tcno1un6UKs/BN2MjiEReOXVAAoggJt8/C2fcikL1G2+T:6VXpX/h0tZonJn2Mznl6PXp+Pb

Score

9^/10

Malware Config

Targets

- Target
  
  Fix+License+Keygen/Fix+License/binaryninjacore.dll
- Size
  
  146.4MB
- MD5
  
  fbd2f8a46534d2de631c78f428a9db6f
- SHA1
  
  33fbb594bbab9799ddfac98512629c3872e3ee89
- SHA256
  
  96b6fcb569bd7208829753dbdf2cede10eda2a23b97d449e860b6410ae4d97b9
- SHA512
  
  a92bbb570e66a5647df99cea449a982992b7b139c97ae7ad56704fec8d961e18e2a107e6defbe277dcf6965a1462bc32bf233580b848120978abdc7c4b2fbf5d
- SSDEEP
  
  786432:E0qESmeZaCwxL386EJ9Jgd3I83fEw+Jw7U53bfjJOmw8KMXvfyo:bqESmeZG9oJ9Jk3IoebfjJOmw8Bnr
Score

1^/10
behavioral1 behavioral2
- Target
  
  Fix+License+Keygen/Keygen+Patch/KEYGEN.exe
- Size
  
  3.8MB
- MD5
  
  ebad1f6a6d31d3bc41c4dd032c65b5a9
- SHA1
  
  27a35676e86151d4f9f48ac2ca97a7bffdca79bd
- SHA256
  
  36316d947ad6892d08d04e0508b0cc08640f64e3b22b7e28c0830862cd9a151b
- SHA512
  
  43d46663220b3e433274ef58a074e74929d7075d4d4eebdc005e1671154bb5005aee95d697eb72fb0ec4f3c91c4044dd298a3e4574359ad2de0f8804266502e4
- SSDEEP
  
  98304:U/mPsUJQZ5BLHYl3vKQLLh4JE8Ls+0bGAN:PkuUL41td4JLEZ
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  Join Telegram for more.url
- Size
  
  128B
- MD5
  
  8e69ef0723269ec6a3f88b38f3d87cb6
- SHA1
  
  98e410c6fca03ab37d2e82bc103f499019d8d5b4
- SHA256
  
  771846ab3f8c33f137024e6a13e5a41ac30a212a8076ca80d8cb96093a77da69
- SHA512
  
  63d3e6f00d44a243119624a09a4e3261fc114775a6fbf4d561e849905383a391dceb558f8606cad4f03682b78119c8b26e5c23141f22420aeb15b7e9f4e231d1
Score

1^/10
behavioral5 behavioral6
- Target
  
  binaryninja_personal_dev_win64.exe
- Size
  
  318.3MB
- MD5
  
  e8b7a7fb698cde64cff050acaa9b49e1
- SHA1
  
  0a2dd14ef45710728116638a2fb5410d4183969c
- SHA256
  
  952154583e3af0bbcaf6b612796f9e4b9d7cf80cf95a1effbde5100bb74f71f4
- SHA512
  
  07fb8f8890205b91846616c5f96b05699dee150d51cc89a899e1dfc4cac7b5d93c28cb541fd8c2aeea018f81fe44cda5b98c59bd0cc5cb3a06d1f8c65424e093
- SSDEEP
  
  6291456:y8jLChoB7TdupLNynB8xRO1JrnYqOh5GaU551kmYIDauKl0tvm1zaFDIGjMsT86C:y8jLQoB7hMPxRO1JLYqOOa0511O2oJau
Score

4^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0063d48afe5a0cdc02833145667b6641
- SHA1
  
  e7eb614805d183ecb1127c62decb1a6be1b4f7a8
- SHA256
  
  ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7
- SHA512
  
  71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0
- SSDEEP
  
  192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  e167f9a565781a30c03ff10370033319
- SHA1
  
  1858758b076946073de375c6eb1bec9867aa3689
- SHA256
  
  a912514823df595ba3a048099d3b89e925a4d41742afc67e772060952892f312
- SHA512
  
  96d8f5ac8e2c0961ba71075de52d12515e7a058cddf3fa1ec14e77545b0b5f4e29324a13e2eb287a447f1d24dc9f09e0a70b0a25401b0ef8d90e6e4a96ce6c61
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6e64e5d5f9498058a300b26b8741d9d5
- SHA1
  
  837ce28e5e02788da63a7f1d8f20207d2b0bf523
- SHA256
  
  8d4b1c275fd1cd0782a265080b56d1aec8d1c93edca5ef3b050d1d20d7b61f33
- SHA512
  
  f53514d36021d79f85df2494d403f03589b3ad848889b9224f962cc932ef740f127131a914c7171ad8136ca1ef631285ea1c80576db18ccf8ea56940eb00ea1e
- SSDEEP
  
  96:oWW4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4P8qndYv0PLE:oWp3ggQF8REskpx8dO0PLE
Score

3^/10
behavioral13 behavioral14
- Target
  
  Qt6Core.dll
- Size
  
  5.0MB
- MD5
  
  3e4a87596bb523176f43699f01080d71
- SHA1
  
  6e9fec59414772c079e9ea102ed3526d2fc924af
- SHA256
  
  72efe0ca9ca5b4aab553cb7d203c143fb87d51cfe8596d50b8b2192e2475bce6
- SHA512
  
  3597066325d56d3bcd1a86c832f088cef2e9a953e8559277d5f5424bfb8bf271ff537bc40dd773139299c08ea3671752d146830f89e2bf4be45b3134e3351881
- SSDEEP
  
  49152:xex9h5G8iaI/mJ+HUlUZPq7J5iWHECEL2LjQ0XttehoGq7zkwbxPrsX9KPrFulwv:+RsceiISMU2TUKFdu9CwJsv6t5D
Score

1^/10
behavioral15 behavioral16
- Target
  
  Qt6Gui.dll
- Size
  
  8.1MB
- MD5
  
  aeb9886b7aef5f8e933896eef9764b5f
- SHA1
  
  8e214fdce4b25383f19d318096a5e9e1fb3197a4
- SHA256
  
  192c5bfd621d58610faf6736f993be378fcbcfd809a39ef4d8c9f72bf4feed4e
- SHA512
  
  7ab2bd20afbcb89feb9296369192bb46b353ec1f30b04957ba95e9ae760703361170b0728c33f05695968571bf076c84cc9e995699b7963dd6f473bf5aa729b9
- SSDEEP
  
  49152:FyEn/DswICsSKKMC0GifOEyf7bqS5MLtppAWV3KoxV8yvmpa9/1amvsCsdkNL+xP:Pn/DszHOEA8wyF40tVQ64HzrhUJA
Score

1^/10
behavioral17 behavioral18
- Target
  
  Qt6Network.dll
- Size
  
  1.4MB
- MD5
  
  944bddc44dcf7445789c293f162fd68d
- SHA1
  
  080ddddad0d4b96db3bd9a80f478377fa817de30
- SHA256
  
  ef660bd9b187d427bbf5d907a5a36e1a66ea4d798d578bef6cc41cc746872602
- SHA512
  
  030bb2b060f07628c50affe56cb83f89d06e3d84c1fb437e546a319fece86f053110aa9f82a2bbcc27c2f13141aa126c1941665eabe133d45de8e168a31fa7e6
- SSDEEP
  
  12288:WMhbJ5VtCELz5uw1opTaUMiM0diMbetOvyhypOp04p1y4mCBc+foeRCbKh3HU9Pb:WMhdpCwkwGpTaBiMqdbmOKyWcwRCN9Pb
Score

1^/10
behavioral19 behavioral20
- Target
  
  Qt6PrintSupport.dll
- Size
  
  392KB
- MD5
  
  5910e77f14b1b746cdea6f8185790ab0
- SHA1
  
  7de168b97ab8623c01bfefb6ee5c9836eff71adb
- SHA256
  
  3089a866f2287cc99bb3d164077a9fc181528e4d9d3adf7521c1181d84606a79
- SHA512
  
  4aa2b83cd79fcbffc6c3c80abeef5d9fb2dba530e2e17fa79158cfac95629a37a8f3be4e6b566e1ea910954f9e40fa3ca287964f7a2f354501c2e1871669e722
- SSDEEP
  
  6144:k2Vi6KrAAVpp7uS3DKlL6PbiHik3sHA2Bqa5sGp4kEBMowsEAC9d/cZOpCuoaNJ3:khrJXB3DKkPb4sPlf
Score

1^/10
behavioral21 behavioral22
- Target
  
  Qt6Qml.dll
- Size
  
  4.8MB
- MD5
  
  4269647a9a765912ddffeda0e079d9d1
- SHA1
  
  89eccaa5b4dcb9fe19f14523ab9afd46662caf69
- SHA256
  
  df3b3d466b0c46b34423c3ef9e7518a3d972bd40769325c2ea908a8ec49c798d
- SHA512
  
  c68e26f471c427b1b9295b5817a400c4585a4710b0fbf20b7e0bb9992cf6c5853b52453f6cfd4dce825bbaf6ca7c774ec2fe8c7a5bcb67f3fc31424507325325
- SSDEEP
  
  49152:5Oe1+OIMfwAfwV99AkZXozzjDwwhXm/wCiKN+GC2Lk7V6/aCpduKKcRh7J0Jek0M:ePPOLzK4
Score

1^/10
behavioral23 behavioral24
- Target
  
  Qt6QmlModels.dll
- Size
  
  702KB
- MD5
  
  f5465a7141b6133d502ffc1ba24ba286
- SHA1
  
  a531b1a8c415518acf4d99568d5ed418f5b4e049
- SHA256
  
  758b6a5c1fd99487aa97b58eaf8963ea0aa8e583eb1816b026da1c8acca46daa
- SHA512
  
  c983473845e644b860b9eb7aee81996825f1437bc02f58b63ace2350fd60b6be6b5c60e88c3c2dd52876c99f5da32741a480decdc4772683defc6e126dfd61d8
- SSDEEP
  
  12288:hO+FBAE8jVBEhwybPfKj00j7WFnlqUo7B:fFBt8jDFKW00j7WFnlqUGB
Score

1^/10
behavioral25 behavioral26
- Target
  
  Qt6Svg.dll
- Size
  
  369KB
- MD5
  
  19a2b8a9a41d022809b466b11fef2c1e
- SHA1
  
  ac90eeb70b2c8dd916fb735391fe944c69e94942
- SHA256
  
  73db4f24d83f312a6de049fa199c4b2c30378a7e87fd6e8e095bfe004baa15ef
- SHA512
  
  4231d34983ff1e59dea40e0f49e0b2c5d260e1a4fee9e926e765f08730d76c52d39c9a1145e5fbc3f87a41578b23a1ce5e27ff83412464b8ce224cb4983fe1b8
- SSDEEP
  
  6144:xFRWeWNCf8+mF44vLvdJ0qM77N5R9H5dcsule10+nRIdOpYaqV64B8:xTHmFbLv0q2csuln068
Score

1^/10
behavioral27 behavioral28
- Target
  
  Qt6Widgets.dll
- Size
  
  6.0MB
- MD5
  
  7886edbba5544742678777b5e8110ea0
- SHA1
  
  5e88f98867c7032b3448dc754a959b411ed485ea
- SHA256
  
  a5f96aa7416bc2a18bc75a14f55f5fbd35af36a944be263b42544eba7e9c17d6
- SHA512
  
  44f8b43f66ba07b25560695421ab32759438bb2707b225e2bb6c78c04c004fadc11f3f017359d613fac1e47165e849c22b1c62a62a62a038670ba69e8231af08
- SSDEEP
  
  49152:Z3Mt9NC11MS28uJDOCeOfBMNLgbgP4JtrO8sucscV/S2DAr4AaF1D9xlafuHSp3W:gb8KUBhjsY/B8ay7uQaHnREzld+e03n9
Score

1^/10
behavioral29 behavioral30
- Target
  
  api-docs/_modules/binaryninja.html
- Size
  
  67KB
- MD5
  
  4cc9beb65f021a0db7d389315e9ecea4
- SHA1
  
  ba435a218a960f5f9a4b8fcc09dd760cf35bfa04
- SHA256
  
  d69a640f68f3c8d17f61f53367c15fdc442f36a7b0b9c5f709caa2a9efdd53b8
- SHA512
  
  b03ae586782e1aad1caeb4d7451001804809f7aba3fa522a770c529ac803135446f34886ae723a5e7551f220e54455230f894c5e3151ba3869f8cbcc63089b5c
- SSDEEP
  
  1536:7wpHIlBaTsZ7QdiSlAllFSIFGflNojYLRXY:6cBaTsZ7QdNAllFSIFGdNosLRXY
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32