Overview

overview

8

Static

static

8

�...mp.exe

windows7-x64

8

�...mp.exe

windows10-2004-x64

8

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d04e5ad52e9fc18840b334a5ad2b68f5ea7bf2188fd2efe4a89b4848336dcead

  • Size

    973KB

  • Sample

    221124-fp8dhsea2s

  • MD5

    00bfd8ae208ec60fb9c2c6bf13ae990a

  • SHA1

    1a375070472ee3559eee840a7592f37a75357d16

  • SHA256

    d04e5ad52e9fc18840b334a5ad2b68f5ea7bf2188fd2efe4a89b4848336dcead

  • SHA512

    66342c7d79b3a711a1ec2277a07c42d49da759a94998dec04e95b952d7a677fe994355e90a2cd679ec45fd3787a2ba80bf25e1e23ccb1106abcfd5eefd35e729

  • SSDEEP

    12288:xlpzeWnsf8888CQkdFiR4lAPgIgqa6u98EvuNJU1tRQhAuhE2aJ6uPM1zjhD4uG4:zp6WnsuFoOA5zPo1tE/hE/6uQhpIYlHB

Score
8/10
upxvmprotect

Malware Config

Targets

    • Target

      ʿ޸/ʿ޸.vmp.exe

    • Size

      824KB

    • MD5

      2cd0b4f0948cba939b604708cefd5a53

    • SHA1

      1c8b30221cdf70390cd507e0801548633358d221

    • SHA256

      f4a063f2551e07897124596b0f90c22eb737e830d35da942fc31b57d2030e922

    • SHA512

      22805d626de3ee9be2d864c6c3cf389f29cd3cc1c5ce6beebf16f7cd10e71227d12057acf014a517240f49867a47c65416a8b9c5fa87c30786bb51e73a38a03c

    • SSDEEP

      12288:dkG+n5oRv9cw7dg9dmvjTkZbw70qoaFPerd3/xamebqfGvcPTVqFR:qARFpu9QPkZbw+Imrd3/UmecMpFR

    Score
    8/10
    upxvmprotect

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      QQ.url

    • Size

      126B

    • MD5

      9f36733525857a875b9aa9b0dc78da08

    • SHA1

      9b7bf725cc7a90bf159ad1958b043adb16e36a9e

    • SHA256

      97c3de62e4bf28be46b48a65a349d3ab190ebad5602b8c6e92230d0a1c432ad2

    • SHA512

      72cb12cd8257add1e58d436f69c1f9d6cbfe515a172608943f30e46db376be5873a0ba6c58f81a269b6758419a4ea6b56cfd2dc40d86b4ffab47f0e90815ac85

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks