General

  • Target

    4179158de60626e072cc2f98c1477a6f942920948a54249cec7bbf6feed6a0fc

  • Size

    644KB

  • Sample

    221011-ermddsdgh6

  • MD5

    60900e497857d7dfcc29b0f4be6d5232

  • SHA1

    780f6f7556b08cba6e1a0538c2668bbcd9a9d873

  • SHA256

    4179158de60626e072cc2f98c1477a6f942920948a54249cec7bbf6feed6a0fc

  • SHA512

    53079dc012f9309398f76ebd5ad54a87df28486b35e3d60d9836e63b8647029acdfddd98aba8170eea6b0acaf91a631cb01133f6033a8063152cbc9f4f932b23

  • SSDEEP

    12288:m29f7c2EdU/YP94S7yIZTSE8iTwte6iZKF0TUm24EtVO9Gnrk3TBexPlto:rJ4ZdHPeJINS9qwg6iZKFnmY+Gnr0wlQ

Score
8/10

Malware Config

Targets

    • Target

      4179158de60626e072cc2f98c1477a6f942920948a54249cec7bbf6feed6a0fc

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
