Overview

overview

7

Static

static

3

Volatility...st.xml

windows7_x64

1

Volatility...st.xml

windows10_x64

1

Volatility...oj.xml

windows7_x64

1

Volatility...oj.xml

windows10_x64

1

Volatility...ch.exe

windows7_x64

1

Volatility...ch.exe

windows10_x64

1

vol.exe

windows7_x64

7

vol.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VolatilityWorkbench.zip

  • Size

    10.8MB

  • Sample

    210630-xbagh5l5lj

  • MD5

    0590addbd5828c14fc226b039c06ad14

  • SHA1

    c8b5f30c0c832ab5c328392883145e2f124158da

  • SHA256

    2f46e02cfaf25c654fee0a00e2bddf1766106bf322bdd2d2db797950c9e49e9b

  • SHA512

    7fd5aa4385a4485f39690bfc70a18cfd68efd37fba5724a37629ba3f3983dc1dd47a578291540028fe8a1980b1f1d6f84e32381e03e7f96907213686da0c03bc

Score
7/10
pyinstaller

Malware Config

Targets

    • Target

      VolatilityWorkbench.exe.manifest

    • Size

      659B

    • MD5

      bed8e2310871cac0001c027d079c4c72

    • SHA1

      ee1a800dfc8d25812483568f95dfea160354ed5d

    • SHA256

      cdeda6764475430a954e9c8e6a5d4566b5b118d5e0db98436214297f8a008355

    • SHA512

      3585ecb6d5af3343d5bfe857a9f56ba6891589277ce0774cbb9208689088b7388b9cfa6ff4989f138d9691ffe70e8847587f5a5fd0f041bdc4a3af2d97e867aa

    Score
    1/10
    behavioral1behavioral2

    • Target

      VolatilityWorkbench.vcproj

    • Size

      7KB

    • MD5

      e2b1bbbb7bd622c06fa9b4f09c130507

    • SHA1

      5342e668a8108212368673050b0eaa240e056bb1

    • SHA256

      6107503777473679e601b95fcf581d25c57cc943219c43bc8f73559ed0dff739

    • SHA512

      d02d5159b78ad411ae5bed6b6d326df6150754fc2265b534bd0f870890382f806dc5b35d17a1cf9fd4c63d1f17bbb569c8c4d5de8f5ddc538cee5be00bed1754

    Score
    1/10
    behavioral3behavioral4

    • Target

      VolatilityWorkbench.exe

    • Size

      1.0MB

    • MD5

      f750f0e9877b33f4cfe50118ace6eb1a

    • SHA1

      eedfe21e1f9c59f1074267dfea55e5aaa57b41c3

    • SHA256

      4ad80bc0dc08f44751e012db9b89485d19d684a82689d3b366af5f22ed36217d

    • SHA512

      b5ab72e2989cb757ecef8c2e22ddc030a59ee15a40fbf91df3dd7df473fac11359ac4c00f4989212264784e27fb13216a2761d35daa892ba79f50fbe14cd86fe

    Score
    1/10
    behavioral5behavioral6

    • Target

      vol.exe

    • Size

      9.1MB

    • MD5

      b309450e794ed33d8c311e9ed83f9777

    • SHA1

      0393c4e85d4ec4fd045ee5fd000bfb5b7425d833

    • SHA256

      0e3e30240b6669bf79f78ca809c7397439ebbd2f46d1267ad5f16fdddc366024

    • SHA512

      571953fd63f0c0e6abbc3e187bd7eebf606866e4a5a3de5da5b344a9add44ab8cbc1f4e71b01292fc60a1d6f702fabef898209d735a539a717564a220aff3796

    Score
    7/10

    • Loads dropped DLL

    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks