Overview

overview

10

Static

static

8

demoo.dll

windows7_x64

10

demoo.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    demoo.dll

  • Size

    3.3MB

  • Sample

    220210-swdhyahbdl

  • MD5

    1af9024e05e21428386247905f59a7ab

  • SHA1

    1802f64add91791808262bb60984424f95f28e2e

  • SHA256

    3d2ced1b815c6aa31457030af8e4255dfb1b06d6b583a747e15272530824a6fa

  • SHA512

    3171177b8aa8c7cc7354231f512879ef86c8c81c3784a38837852c1f80efa45a560ba2ddafb17fc5002bb8bfdb1b1ed3cb1de5cd933e5e167a0c7a1727c39cb4

Score
10/10
chinese_generic_botnetbotnetvmprotect

Malware Config

Targets

    • Target

      demoo.dll

    • Size

      3.3MB

    • MD5

      1af9024e05e21428386247905f59a7ab

    • SHA1

      1802f64add91791808262bb60984424f95f28e2e

    • SHA256

      3d2ced1b815c6aa31457030af8e4255dfb1b06d6b583a747e15272530824a6fa

    • SHA512

      3171177b8aa8c7cc7354231f512879ef86c8c81c3784a38837852c1f80efa45a560ba2ddafb17fc5002bb8bfdb1b1ed3cb1de5cd933e5e167a0c7a1727c39cb4

    Score
    10/10
    chinese_generic_botnetbotnetvmprotect

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet Payload

      botnet

    • Blocklisted process makes network request

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks