Overview

overview

9

Static

static

be74032b78...a2.exe

windows7-x64

6

be74032b78...a2.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be74032b78991bd981a992d99ded3411b082ec74eee791f7c9f422a0d6b0aca2.exe

  • Size

    115KB

  • Sample

    221123-h4x77seh56

  • MD5

    2251aa9ffc0e40b4c9e19d5a9f322cae

  • SHA1

    0843c36a30c3676d6fa5ba3bdb562d8e32a470d8

  • SHA256

    be74032b78991bd981a992d99ded3411b082ec74eee791f7c9f422a0d6b0aca2

  • SHA512

    17164d540792c15eb210e43ded2bc244c555421ffb5678a3958b7dcda11082f7c4ba550d6be9fe3fbd9e3ee5bbf8dca5d01b54d3e327501c9c37b8af22f8cbff

  • SSDEEP

    3072:tU143UTXqhlYDnU/+F3wTmR7Iq2+YlbWa3rdWuLqfUl:kXqfEBwT82ZLqfU

Score
9/10
minerpersistencevmprotect

Malware Config

Targets

    • Target

      be74032b78991bd981a992d99ded3411b082ec74eee791f7c9f422a0d6b0aca2.exe

    • Size

      115KB

    • MD5

      2251aa9ffc0e40b4c9e19d5a9f322cae

    • SHA1

      0843c36a30c3676d6fa5ba3bdb562d8e32a470d8

    • SHA256

      be74032b78991bd981a992d99ded3411b082ec74eee791f7c9f422a0d6b0aca2

    • SHA512

      17164d540792c15eb210e43ded2bc244c555421ffb5678a3958b7dcda11082f7c4ba550d6be9fe3fbd9e3ee5bbf8dca5d01b54d3e327501c9c37b8af22f8cbff

    • SSDEEP

      3072:tU143UTXqhlYDnU/+F3wTmR7Iq2+YlbWa3rdWuLqfUl:kXqfEBwT82ZLqfU

    Score
    9/10
    persistenceminervmprotect

    • Detectes Phoenix Miner Payload

      miner

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks