Overview

overview

8

Static

static

ฺฺฺà...

windows10_x64

8

Resubmissions

16-02-2021 13:22

210216-xxjmp82nqj 8

16-02-2021 13:16

210216-8pt5s5p8hs 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Desktop.exe

  • Size

    67.7MB

  • Sample

    210216-xxjmp82nqj

  • MD5

    4f32cc30399070757f0c9dea84b12693

  • SHA1

    293bcc9e70705a27702120bf62372ea4db0d4654

  • SHA256

    61706cdaaf6c9ac6f228ccc39fff7bce81f903b454e11b4873247bd5f8e7f3e7

  • SHA512

    77f47676ac3395c1da14a28e741add97f2a443e03acd95be2ad1c98949aed6d1e4b0861e0863fb470fd575a3e0febdaa8d9d2f8baf169a8dc8449c8c9af315c6

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      Desktop.exe

    • Size

      67.7MB

    • MD5

      4f32cc30399070757f0c9dea84b12693

    • SHA1

      293bcc9e70705a27702120bf62372ea4db0d4654

    • SHA256

      61706cdaaf6c9ac6f228ccc39fff7bce81f903b454e11b4873247bd5f8e7f3e7

    • SHA512

      77f47676ac3395c1da14a28e741add97f2a443e03acd95be2ad1c98949aed6d1e4b0861e0863fb470fd575a3e0febdaa8d9d2f8baf169a8dc8449c8c9af315c6

    Score
    8/10
    persistencevmprotect

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks