f9291efd2196c27700dae54a3524f517a197db931360ab87d2cba12ccb83c96b | Triage

Submit
Reports

Overview

overview

8

Static

static

8

f9291efd21...6b.exe

windows7_x64

8

f9291efd21...6b.exe

windows10_x64

8

Sharing

General

Target

f9291efd2196c27700dae54a3524f517a197db931360ab87d2cba12ccb83c96b
Size

2.4MB
Sample

210228-etfkxbh13a
MD5

11ff7ae90a30589cd3bcdbf662fad152
SHA1

f2740c1ebe111127206eebe0dcdd85a8a897495c
SHA256

f9291efd2196c27700dae54a3524f517a197db931360ab87d2cba12ccb83c96b
SHA512

454d4ccb7fe8bc2c15de1e1eac00467faeb3d8bc07a72cac7cf1d17f63208ef943b05b8bf089233bfbb966886aa7c617d00ffa5f3b9b36bc4516acf2ae71c400

Score

8^/10

spyware vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

f9291efd2196c27700dae54a3524f517a197db931360ab87d2cba12ccb83c96b.exe

Resource

win7v20201028

spyware vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f9291efd2196c27700dae54a3524f517a197db931360ab87d2cba12ccb83c96b.exe

Resource

win10v20201028

spyware vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f9291efd2196c27700dae54a3524f517a197db931360ab87d2cba12ccb83c96b
- Size
  
  2.4MB
- MD5
  
  11ff7ae90a30589cd3bcdbf662fad152
- SHA1
  
  f2740c1ebe111127206eebe0dcdd85a8a897495c
- SHA256
  
  f9291efd2196c27700dae54a3524f517a197db931360ab87d2cba12ccb83c96b
- SHA512
  
  454d4ccb7fe8bc2c15de1e1eac00467faeb3d8bc07a72cac7cf1d17f63208ef943b05b8bf089233bfbb966886aa7c617d00ffa5f3b9b36bc4516acf2ae71c400
Score

8^/10

spyware vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarevmprotect

behavioral2

spywarevmprotect

© 2018-2024

Terms | Privacy