General

  • Target

    f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d

  • Size

    180KB

  • Sample

    221123-xnz47afe88

  • MD5

    4eb216d0cdff53fc37e2e97d585bc500

  • SHA1

    fdbb10b5baea73cd3c594ce7455f66ceed56dfe3

  • SHA256

    f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d

  • SHA512

    8f5fee67ebfb4b01d70760a9701528d4ad923d72317691578ff3962318eda1854c12ab2fae5ca9f4b645d607d0fa73d9bbcaaa58a00e663f81b6f5ad69b2d885

  • SSDEEP

    3072:zDy10WbcVmYqr4DbbFD4SCW4vs992l77fQjmhBKINClpvV5YW3A:znycVxqMDbbFDhCW4C92lHf8mhBKIwlc

Malware Config

Targets

    • Target

      f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d

    • Size

      180KB

    • MD5

      4eb216d0cdff53fc37e2e97d585bc500

    • SHA1

      fdbb10b5baea73cd3c594ce7455f66ceed56dfe3

    • SHA256

      f1fcefdb444af1abb7e53f9b0872bd63af5eab8c0ec414793c7b4255fe3a859d

    • SHA512

      8f5fee67ebfb4b01d70760a9701528d4ad923d72317691578ff3962318eda1854c12ab2fae5ca9f4b645d607d0fa73d9bbcaaa58a00e663f81b6f5ad69b2d885

    • SSDEEP

      3072:zDy10WbcVmYqr4DbbFD4SCW4vs992l77fQjmhBKINClpvV5YW3A:znycVxqMDbbFDhCW4C92lHf8mhBKIwlc

    • UAC bypass

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks