General

  • Target: f5034eb24cd8cdf06921e03fc3147f012199d7dc00ac4da39417be7bf02be50d
  • Size: 979KB
  • Sample: 221011-3lg4gsbca7
  • MD5: 6b4fc3f65c734d92f7f09b0ea586e4a0
  • SHA1: b796e37b95d121c7079b2f31510d3967749dd0b1
  • SHA256: f5034eb24cd8cdf06921e03fc3147f012199d7dc00ac4da39417be7bf02be50d
  • SHA512: 5819ca76e658ace9cd9408639f22c543b6cfc06580bbcf14c4d21ba44c0a8b1cbe12901379810a27cd87c577e5bae5582c45babfebb52c6b9ee22ef5a1707b8a
  • SSDEEP: 24576:3NBIc3Nj/ptB57KoYnjQt7ZvwHXbKOxqhmy1E:Ag5RtBwDjStw3NoI

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks