Overview

overview

8

Static

static

file.exe

windows7-x64

8

file.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    655KB

  • Sample

    221123-kkac5shb82

  • MD5

    2ad02c3e1cb7a5fbbe3d14338d5d5e03

  • SHA1

    e7e5b3996502beae37d681766e58063773b1c385

  • SHA256

    8bd8aad6f37edcc57c1b6910b13dd46674b3550a9e26ff549bff7c379c4b20f0

  • SHA512

    19fb2ed1d6f811ad54558453385625614a378aa5cd2dbe464b648abc444d15f3758c74e8301e935b114a105259fe7df2fcc6a8a500e90b14a3f157ef49551c16

  • SSDEEP

    12288:d4o51BciOj8M4CvPn6QGny7uCc5xo5qEE:ptvMVvPHmc3y

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      file.exe

    • Size

      655KB

    • MD5

      2ad02c3e1cb7a5fbbe3d14338d5d5e03

    • SHA1

      e7e5b3996502beae37d681766e58063773b1c385

    • SHA256

      8bd8aad6f37edcc57c1b6910b13dd46674b3550a9e26ff549bff7c379c4b20f0

    • SHA512

      19fb2ed1d6f811ad54558453385625614a378aa5cd2dbe464b648abc444d15f3758c74e8301e935b114a105259fe7df2fcc6a8a500e90b14a3f157ef49551c16

    • SSDEEP

      12288:d4o51BciOj8M4CvPn6QGny7uCc5xo5qEE:ptvMVvPHmc3y

    Score
    8/10
    persistencevmprotect

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks