b8079c63e100735a16354fc3e415f5afb4070204df1fcc3a9241902bb123af3f | Triage

Sharing

General

Target

b8079c63e100735a16354fc3e415f5afb4070204df1fcc3a9241902bb123af3f
Size

245KB
Sample

221123-y9sgxafd2x
MD5

45e03c957816872f52c5fcefdf937840
SHA1

601986503e005828772ca77e493b7716515539d9
SHA256

b8079c63e100735a16354fc3e415f5afb4070204df1fcc3a9241902bb123af3f
SHA512

50de2398aafd38175a4a54c802d3f9ec71082f07e3b128418245a22829c104127a179d8ba087a596859fb4aec790893e5618f5efe2ecef8a2f0a596b4b0bd246
SSDEEP

3072:j5BSF/OpwPeBk7Xepwhc+a7huzhBLTIVKYNFDqUTZYO/tVYZHfe76ehK:dYIY2Aex+muz3TIVfrXtGZHfe76ehK

Score

10^/10

evasion trojan vmprotect

Malware Config

Targets

- Target
  
  b8079c63e100735a16354fc3e415f5afb4070204df1fcc3a9241902bb123af3f
- Size
  
  245KB
- MD5
  
  45e03c957816872f52c5fcefdf937840
- SHA1
  
  601986503e005828772ca77e493b7716515539d9
- SHA256
  
  b8079c63e100735a16354fc3e415f5afb4070204df1fcc3a9241902bb123af3f
- SHA512
  
  50de2398aafd38175a4a54c802d3f9ec71082f07e3b128418245a22829c104127a179d8ba087a596859fb4aec790893e5618f5efe2ecef8a2f0a596b4b0bd246
- SSDEEP
  
  3072:j5BSF/OpwPeBk7Xepwhc+a7huzhBLTIVKYNFDqUTZYO/tVYZHfe76ehK:dYIY2Aex+muz3TIVfrXtGZHfe76ehK
Score

10^/10

evasion trojan vmprotect
- UAC bypass
  evasion trojan
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanvmprotect

behavioral2

evasiontrojanvmprotect