9e2dee304f08830bfa6613f4e2f3ed9747f0891e5edea6fdd24b621fab850a96 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

9e2dee304f...96.exe

windows7_x64

8

9e2dee304f...96.exe

windows10_x64

8

Sharing

General

Target

9e2dee304f08830bfa6613f4e2f3ed9747f0891e5edea6fdd24b621fab850a96
Size

2.4MB
Sample

210301-rwgfgzr5be
MD5

7e8b83017a23b0689d96153cff3082be
SHA1

3447cb1807e91723e417cd329095153cb3f7c092
SHA256

9e2dee304f08830bfa6613f4e2f3ed9747f0891e5edea6fdd24b621fab850a96
SHA512

324df76b9c4756c05e449115f7c08953cb9d9448906288d8c3842097ab5df5bc812c0f189e77dbd94ad03f4941f05823718b017d13bd371fd6a05654621cdcb4

Score

8^/10

spyware vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

9e2dee304f08830bfa6613f4e2f3ed9747f0891e5edea6fdd24b621fab850a96.exe

Resource

win7v20201028

spyware vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9e2dee304f08830bfa6613f4e2f3ed9747f0891e5edea6fdd24b621fab850a96.exe

Resource

win10v20201028

spyware vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9e2dee304f08830bfa6613f4e2f3ed9747f0891e5edea6fdd24b621fab850a96
- Size
  
  2.4MB
- MD5
  
  7e8b83017a23b0689d96153cff3082be
- SHA1
  
  3447cb1807e91723e417cd329095153cb3f7c092
- SHA256
  
  9e2dee304f08830bfa6613f4e2f3ed9747f0891e5edea6fdd24b621fab850a96
- SHA512
  
  324df76b9c4756c05e449115f7c08953cb9d9448906288d8c3842097ab5df5bc812c0f189e77dbd94ad03f4941f05823718b017d13bd371fd6a05654621cdcb4
Score

8^/10

spyware vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarevmprotect

behavioral2

spywarevmprotect

© 2018-2024

Terms | Privacy