General

  • Target

    421a92d155959ae6652724131ad2ba71be24803c33a8b863e09da59d7fae7c5d

  • Size

    216KB

  • Sample

    221011-yj5dsabher

  • MD5

    2b7ec9b3b776c25f71e679640a9ba988

  • SHA1

    29a14de9462b3d155441b1c0b8bd46ac49cde9f1

  • SHA256

    421a92d155959ae6652724131ad2ba71be24803c33a8b863e09da59d7fae7c5d

  • SHA512

    403238f497f9ed3578a083ad52c74714791ed6b9b7dbefa95dd4439d5b222310a754b4985d0d16b6879f2559952bca801716e2b5f5dac6c6888845f4d1286867

  • SSDEEP

    6144:HGMJtOyaBl2aKjBrWZjBVpS7k594q7bvt0n5:mMJoNoa4BMp97a

Score
8/10

Malware Config

Targets

    • Target

      BlackLegend Public/BlackLegend Public.dll

    • Size

      222KB

    • MD5

      8532746ea5bca749229d3e1974e94c89

    • SHA1

      073f15d554fa9ea088dc940d237eafa147388b06

    • SHA256

      d08ddd289fe0763ea15945091d9120b48ff1afedcfb7301711e8f341687d4c43

    • SHA512

      cd9a3bd5553f0f680cf7a370f4128872b5ef2202d97748afc1ab18fc483c8b9c8d984cf947e19d91840d646e4a58899a3cae14692980a5d689356092d4730b5b

    • SSDEEP

      6144:lmtu9R7AaM2CYQoZ/ZImh/6jmmtHnkm3D:Wy3M2uVLmmtHN

    Score
    8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
