Overview

overview

8

Static

static

7eab81a8c3...ce.exe

windows7_x64

8

7eab81a8c3...ce.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7eab81a8c3d73c5a40309317d8a618ce.exe

  • Size

    542KB

  • Sample

    210220-t5a87zj3e6

  • MD5

    7eab81a8c3d73c5a40309317d8a618ce

  • SHA1

    0c0dc197a1d109c2cd70f4164ad9264b23efff3a

  • SHA256

    3d2bd69871c0a443d1e4c2a5ec37833dbcbce929aba368745f10d7b981a5264c

  • SHA512

    f50b32ff94a04236a6fa64d2c204804f4f9f4c401e3eab91a7aa5a3288578489d6efaabf4499c1a73a50f32e0c0fae497efa2453e4374b2c108a7c935280ed7f

Score
8/10
spywarevmprotect

Malware Config

Targets

    • Target

      7eab81a8c3d73c5a40309317d8a618ce.exe

    • Size

      542KB

    • MD5

      7eab81a8c3d73c5a40309317d8a618ce

    • SHA1

      0c0dc197a1d109c2cd70f4164ad9264b23efff3a

    • SHA256

      3d2bd69871c0a443d1e4c2a5ec37833dbcbce929aba368745f10d7b981a5264c

    • SHA512

      f50b32ff94a04236a6fa64d2c204804f4f9f4c401e3eab91a7aa5a3288578489d6efaabf4499c1a73a50f32e0c0fae497efa2453e4374b2c108a7c935280ed7f

    Score
    8/10
    vmprotectspyware

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks