12206d2f24d20109cf0f5606cf15aa696b62a5c6ae278270624aefc04f103e65 | Triage

Submit
Reports

Overview

overview

8

Static

static

ฺฺฺ�...ฺฺ

windows10_x64

8

Sharing

General

Target

Escobar Manager.exe
Size

2.1MB
Sample

210223-3cskj1atgs
MD5

6502c0701c4be2957a295f871b87cd9b
SHA1

b1211d62949bd30078d19a86f644b12845384075
SHA256

12206d2f24d20109cf0f5606cf15aa696b62a5c6ae278270624aefc04f103e65
SHA512

f9cf955c905579a8057eedfbe23d4673c116587e944c8db36d232cadbd7868661467a5370e669f93c5edc62b83218ba1b0bf02916395c79b799e737d63777315

Score

8^/10

evasion vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

Escobar Manager.exe

Resource

win10v20201028

evasion vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Escobar Manager.exe
- Size
  
  2.1MB
- MD5
  
  6502c0701c4be2957a295f871b87cd9b
- SHA1
  
  b1211d62949bd30078d19a86f644b12845384075
- SHA256
  
  12206d2f24d20109cf0f5606cf15aa696b62a5c6ae278270624aefc04f103e65
- SHA512
  
  f9cf955c905579a8057eedfbe23d4673c116587e944c8db36d232cadbd7868661467a5370e669f93c5edc62b83218ba1b0bf02916395c79b799e737d63777315
Score

8^/10

evasion vmprotect
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionvmprotect

© 2018-2024

Terms | Privacy