5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6 | Triage

Sharing

General

Target

5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6
Size

510KB
Sample

221125-1wslvshh42
MD5

776c622c798531da057b776d97d1d07b
SHA1

68bab218302b3e992caef0f2bf3051fe3e1b2e0d
SHA256

5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6
SHA512

b7f8a838773d2eb16bc6959a7aed22412e6ceea4952ac8c5729e6e3b72f53a66b873a28b0e2c2b4ed57e0ea21e0b68a43ebe945314112cda74f550a584ff24a1
SSDEEP

12288:gJ/dEGNqM86annZALpOsO2/xLWJaOrKYgVRproVm+a7of6iGG:gJ/dxNqMunZAtffAa1Y0roVlvDGG

Score

8^/10

vmprotect

Malware Config

Targets

- Target
  
  explorer.exe
- Size
  
  359KB
- MD5
  
  771b83237080ce84f277b99fc57363e7
- SHA1
  
  098b95bf5605af681a1a2e71919c64c86baf4a0b
- SHA256
  
  66478e56cae82555807d363e872e8aef552daedbbf2e16238e96e54e950e2e70
- SHA512
  
  e66fa464d13088534d9bbaf0748f37708fbf21ec8792fd3c04b2c780ef0257bacbc094552a1af45d5d2880c7f2cd540f6f19176026187254f5d22ec552e2ad1f
- SSDEEP
  
  6144:4KIV0ybHaU2lWrt4+gn849gq22v7OMSII+23T1rng22yCsGd90Zgy:0HpYael922v7OnxTlngTnd98p
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2
- Target
  
  explorer.exe.intermediate.manifest
- Size
  
  392B
- MD5
  
  b8e76ddb52d0eb41e972599ff3ca431b
- SHA1
  
  fc12d7ad112ddabfcd8f82f290d84e637a4d62f8
- SHA256
  
  165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8
- SHA512
  
  739cb69dec197879f4c7af76af86273a170d7834495ca9d35825f64f35290e6625eab67f404b7353edb340c2187f62976cb42ceb9a0c119deaee81a2143ffade
Score

1^/10
behavioral3 behavioral4
- Target
  
  nfzn.dll
- Size
  
  327KB
- MD5
  
  91f1cdf9df39b6c0486277e4ef1818c7
- SHA1
  
  cba42ce5ddb87b5a521b6dc569a4296789f5fef2
- SHA256
  
  822bafa548278d2559660cfec702f0123d02ef0a1d4c23351acaebe28a7a9d3f
- SHA512
  
  65403e6d668b098bba136a7bfa146eab536c68587d55c202c6599539ccfabc9bedec7e60e7ee1284968cbee718781c6dff936f9b76f4cb39db2c2ca5901d27c0
- SSDEEP
  
  6144:9KleXWMzLp6p750N0exZUkf0Jx+GQB+TDsAVVEgjDf6STtlvAx0U/pkCm:z0y0ext++ITDBVEeDf6ktloxV/pI
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral5 behavioral6
- Target
  
  nfzn.dll.intermediate.manifest
- Size
  
  381B
- MD5
  
  1e4a89b11eae0fcf8bb5fdd5ec3b6f61
- SHA1
  
  4260284ce14278c397aaf6f389c1609b0ab0ce51
- SHA256
  
  4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
- SHA512
  
  8c290919e456a80d87dd6d243e4713945432b9a2bc158bfa5b81ae9fed1a8dd693da51914fa4014c5b8596e36186a9c891741c3b9011958c7ac240b7d818f815
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8