Overview

overview

8

Static

static

8

14a2079811...1b.exe

windows7-x64

8

14a2079811...1b.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14a20798118b4c89dc950cbb2b6cc35379449cce7e1f06e1e34106b549fcc51b

  • Size

    1.4MB

  • Sample

    221125-1l1vgsca7z

  • MD5

    56bd1c5228b2fb10916b230726d4f8e9

  • SHA1

    59c5197f8b75c76dcedb1e4b8aa63b6afb034faa

  • SHA256

    14a20798118b4c89dc950cbb2b6cc35379449cce7e1f06e1e34106b549fcc51b

  • SHA512

    b5108a9103afd04780969de0d672ec73e6f9ea638ad920104ecad3e5ca390d3bcac7be283750d4aa1a5e377fed52b4e0f433917e5b7aefb9d2022d7a812609af

  • SSDEEP

    24576:T9SDxKYqm/q8hF2wRG9DrfVSlqkNrm9jT1ZNdjOyxdUnvVtehIkQKFmgaCF9QPy8:T9SXj/9h4U8f7/ZNIvmOQIgXF9Ux

Score
8/10
persistenceupxvmprotect

Malware Config

Targets

    • Target

      14a20798118b4c89dc950cbb2b6cc35379449cce7e1f06e1e34106b549fcc51b

    • Size

      1.4MB

    • MD5

      56bd1c5228b2fb10916b230726d4f8e9

    • SHA1

      59c5197f8b75c76dcedb1e4b8aa63b6afb034faa

    • SHA256

      14a20798118b4c89dc950cbb2b6cc35379449cce7e1f06e1e34106b549fcc51b

    • SHA512

      b5108a9103afd04780969de0d672ec73e6f9ea638ad920104ecad3e5ca390d3bcac7be283750d4aa1a5e377fed52b4e0f433917e5b7aefb9d2022d7a812609af

    • SSDEEP

      24576:T9SDxKYqm/q8hF2wRG9DrfVSlqkNrm9jT1ZNdjOyxdUnvVtehIkQKFmgaCF9QPy8:T9SXj/9h4U8f7/ZNIvmOQIgXF9Ux

    Score
    8/10
    upxvmprotectpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks