Overview

overview

8

Static

static

b655d3b9c4...0b.exe

windows7_x64

8

b655d3b9c4...0b.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b655d3b9c40b930c8418be42858df38464ed574350bdef24dc99d1159e688e0b

  • Size

    5.1MB

  • Sample

    210228-l4ydy5p6se

  • MD5

    bb3d3b2bddc91a0e37fa0eb640e5bbec

  • SHA1

    641d3456dc9d0d329a3b28fdc3ba6fb247d1f42d

  • SHA256

    b655d3b9c40b930c8418be42858df38464ed574350bdef24dc99d1159e688e0b

  • SHA512

    1f80e87de10bd846c8f8c0eeb8503a6d595c7bad4285b0ed90c299a3a93c21ec2658af93d45a8baa43d4de23ca6129527223e34489e69eb5abfcdaa61d580f8b

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      b655d3b9c40b930c8418be42858df38464ed574350bdef24dc99d1159e688e0b

    • Size

      5.1MB

    • MD5

      bb3d3b2bddc91a0e37fa0eb640e5bbec

    • SHA1

      641d3456dc9d0d329a3b28fdc3ba6fb247d1f42d

    • SHA256

      b655d3b9c40b930c8418be42858df38464ed574350bdef24dc99d1159e688e0b

    • SHA512

      1f80e87de10bd846c8f8c0eeb8503a6d595c7bad4285b0ed90c299a3a93c21ec2658af93d45a8baa43d4de23ca6129527223e34489e69eb5abfcdaa61d580f8b

    Score
    8/10
    vmprotect

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks