Overview

overview

8

Static

static

8

explorer.exe

windows7-x64

8

explorer.exe

windows10-2004-x64

8

explorer.e...te.xml

windows7-x64

1

explorer.e...te.xml

windows10-2004-x64

1

nfzn.dll

windows7-x64

8

nfzn.dll

windows10-2004-x64

8

nfzn.dll.i...te.xml

windows7-x64

1

nfzn.dll.i...te.xml

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6

  • Size

    510KB

  • Sample

    221125-1wslvshh42

  • MD5

    776c622c798531da057b776d97d1d07b

  • SHA1

    68bab218302b3e992caef0f2bf3051fe3e1b2e0d

  • SHA256

    5eadeba25ef4e49920fa50a8015124ea3de3d4ff55996a95835294edb1bf1fb6

  • SHA512

    b7f8a838773d2eb16bc6959a7aed22412e6ceea4952ac8c5729e6e3b72f53a66b873a28b0e2c2b4ed57e0ea21e0b68a43ebe945314112cda74f550a584ff24a1

  • SSDEEP

    12288:gJ/dEGNqM86annZALpOsO2/xLWJaOrKYgVRproVm+a7of6iGG:gJ/dxNqMunZAtffAa1Y0roVlvDGG

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      explorer.exe

    • Size

      359KB

    • MD5

      771b83237080ce84f277b99fc57363e7

    • SHA1

      098b95bf5605af681a1a2e71919c64c86baf4a0b

    • SHA256

      66478e56cae82555807d363e872e8aef552daedbbf2e16238e96e54e950e2e70

    • SHA512

      e66fa464d13088534d9bbaf0748f37708fbf21ec8792fd3c04b2c780ef0257bacbc094552a1af45d5d2880c7f2cd540f6f19176026187254f5d22ec552e2ad1f

    • SSDEEP

      6144:4KIV0ybHaU2lWrt4+gn849gq22v7OMSII+23T1rng22yCsGd90Zgy:0HpYael922v7OnxTlngTnd98p

    Score
    8/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

    • Target

      explorer.exe.intermediate.manifest

    • Size

      392B

    • MD5

      b8e76ddb52d0eb41e972599ff3ca431b

    • SHA1

      fc12d7ad112ddabfcd8f82f290d84e637a4d62f8

    • SHA256

      165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8

    • SHA512

      739cb69dec197879f4c7af76af86273a170d7834495ca9d35825f64f35290e6625eab67f404b7353edb340c2187f62976cb42ceb9a0c119deaee81a2143ffade

    Score
    1/10
    behavioral3behavioral4

    • Target

      nfzn.dll

    • Size

      327KB

    • MD5

      91f1cdf9df39b6c0486277e4ef1818c7

    • SHA1

      cba42ce5ddb87b5a521b6dc569a4296789f5fef2

    • SHA256

      822bafa548278d2559660cfec702f0123d02ef0a1d4c23351acaebe28a7a9d3f

    • SHA512

      65403e6d668b098bba136a7bfa146eab536c68587d55c202c6599539ccfabc9bedec7e60e7ee1284968cbee718781c6dff936f9b76f4cb39db2c2ca5901d27c0

    • SSDEEP

      6144:9KleXWMzLp6p750N0exZUkf0Jx+GQB+TDsAVVEgjDf6STtlvAx0U/pkCm:z0y0ext++ITDBVEeDf6ktloxV/pI

    Score
    8/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral5behavioral6

    • Target

      nfzn.dll.intermediate.manifest

    • Size

      381B

    • MD5

      1e4a89b11eae0fcf8bb5fdd5ec3b6f61

    • SHA1

      4260284ce14278c397aaf6f389c1609b0ab0ce51

    • SHA256

      4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df

    • SHA512

      8c290919e456a80d87dd6d243e4713945432b9a2bc158bfa5b81ae9fed1a8dd693da51914fa4014c5b8596e36186a9c891741c3b9011958c7ac240b7d818f815

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks