2f8e471cd92be1ceb8a2689c006d802f5e76135ce035196c555bbaa00d361012 | Triage

Sharing

General

Target

2f8e471cd92be1ceb8a2689c006d802f5e76135ce035196c555bbaa00d361012
Size

198KB
Sample

221123-t7z2rabb8s
MD5

52a7ae80da298b45ddc79d93142b6710
SHA1

39860118701bf0bcef8cb04e9707f9beb6cfd1c4
SHA256

2f8e471cd92be1ceb8a2689c006d802f5e76135ce035196c555bbaa00d361012
SHA512

5cc8ae1d65710a6b70dcee6916e437ca44d77236fa2bb8d41fb19ee92e6318448c56bcf304cf6d2803ae8f5a0345791556336dcf097a44b2e6b0bfefa4c43038
SSDEEP

6144:znycVxqMDbbFDhCW4C92lHf8mhBKIwlplA:DpVxqSbbFDhT2RkmHGTl

Score

10^/10

evasion trojan vmprotect

Malware Config

Targets

- Target
  
  2f8e471cd92be1ceb8a2689c006d802f5e76135ce035196c555bbaa00d361012
- Size
  
  198KB
- MD5
  
  52a7ae80da298b45ddc79d93142b6710
- SHA1
  
  39860118701bf0bcef8cb04e9707f9beb6cfd1c4
- SHA256
  
  2f8e471cd92be1ceb8a2689c006d802f5e76135ce035196c555bbaa00d361012
- SHA512
  
  5cc8ae1d65710a6b70dcee6916e437ca44d77236fa2bb8d41fb19ee92e6318448c56bcf304cf6d2803ae8f5a0345791556336dcf097a44b2e6b0bfefa4c43038
- SSDEEP
  
  6144:znycVxqMDbbFDhCW4C92lHf8mhBKIwlplA:DpVxqSbbFDhT2RkmHGTl
Score

10^/10

evasion trojan vmprotect
- UAC bypass
  evasion trojan
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanvmprotect

behavioral2