Overview

overview

8

Static

static

8

738186c0cd...e9.exe

windows7-x64

8

738186c0cd...e9.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    738186c0cd14dc3842b78e52b63c953582aa2170a6294b8443ee028a5982cfe9

  • Size

    5.4MB

  • Sample

    220804-kwvs8aebgm

  • MD5

    5ae2a626f52f6607ec13c0ad334ec7af

  • SHA1

    8c8bfd4f37c2165a6a58cca4a5479f4942f3165f

  • SHA256

    738186c0cd14dc3842b78e52b63c953582aa2170a6294b8443ee028a5982cfe9

  • SHA512

    a86d6f516b17313d293a1af326002b959efe107e0c2418fa22bca6f8184dca45adfd8e68961bc6dd54ad19d8ef6138e5ce41e57b204a9be69dd785019775d02d

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      738186c0cd14dc3842b78e52b63c953582aa2170a6294b8443ee028a5982cfe9

    • Size

      5.4MB

    • MD5

      5ae2a626f52f6607ec13c0ad334ec7af

    • SHA1

      8c8bfd4f37c2165a6a58cca4a5479f4942f3165f

    • SHA256

      738186c0cd14dc3842b78e52b63c953582aa2170a6294b8443ee028a5982cfe9

    • SHA512

      a86d6f516b17313d293a1af326002b959efe107e0c2418fa22bca6f8184dca45adfd8e68961bc6dd54ad19d8ef6138e5ce41e57b204a9be69dd785019775d02d

    Score
    8/10
    vmprotect

    • Blocklisted process makes network request

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks