hxxps://disk[.]yandex[.]ru/d/dpXeTFIuDGYG8g | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

Win105M

windows10_x64

Sharing

General

Target

https://disk.yandex.ru/d/dpXeTFIuDGYG8g
Sample

210226-v8622bkgt6

Score

10^/10

discovery persistence spyware vmprotect

Static task

static1

URLScan task

urlscan1

Sample

https://disk.yandex.ru/d/dpXeTFIuDGYG8g

Behavioral task

behavioral1

Sample

https://disk.yandex.ru/d/dpXeTFIuDGYG8g

Resource

win10v20201028

discovery persistence spyware vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  https://disk.yandex.ru/d/dpXeTFIuDGYG8g
Score

10^/10

discovery persistence spyware vmprotect
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

discoverypersistencespywarevmprotect

© 2018-2024

Terms | Privacy