Overview

overview

8

Static

static

8

e93cb5fe92...c6.exe

windows7_x64

8

e93cb5fe92...c6.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e93cb5fe929c88252bbcb1ae8d73bfc6

  • Size

    5.9MB

  • Sample

    220623-rfwtxagbb7

  • MD5

    e93cb5fe929c88252bbcb1ae8d73bfc6

  • SHA1

    81f04e51bf83c1f9d45f333da4cf13167a89fd43

  • SHA256

    32b33877baade9ad5e8fb751c6a6b4ba6176ea7699732bd5ebd2af161728ac1e

  • SHA512

    4453b7f9bd989fc34816d7d8292463b0df79eeac11919d391a5695ecc76b28c97f06415768365b7af9404d733addfad7cfa9275d583452216ad398938719bc9a

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      e93cb5fe929c88252bbcb1ae8d73bfc6

    • Size

      5.9MB

    • MD5

      e93cb5fe929c88252bbcb1ae8d73bfc6

    • SHA1

      81f04e51bf83c1f9d45f333da4cf13167a89fd43

    • SHA256

      32b33877baade9ad5e8fb751c6a6b4ba6176ea7699732bd5ebd2af161728ac1e

    • SHA512

      4453b7f9bd989fc34816d7d8292463b0df79eeac11919d391a5695ecc76b28c97f06415768365b7af9404d733addfad7cfa9275d583452216ad398938719bc9a

    Score
    8/10
    vmprotectpersistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks