Overview

overview

8

Static

static

87789c5977...21.exe

windows7-x64

8

87789c5977...21.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87789c597728e9738862ee3441c2f29a8c6f66e9da6bbb3c7eaab55071cff321

  • Size

    877KB

  • Sample

    221125-3tapdaff79

  • MD5

    a81765d898e7332ba29150aa446c57a8

  • SHA1

    8bd50e9dd2b7c23b1f99bb862b0671110d46c4fc

  • SHA256

    87789c597728e9738862ee3441c2f29a8c6f66e9da6bbb3c7eaab55071cff321

  • SHA512

    1c3002051f1c5bb6a042ac0dc348db835670ce4b246036dd1f2c699ff68ed73413d9e4ec0f9cbe9c0977627972a0c946bcfc210f7f2b0a617ebe18c0d6234cb2

  • SSDEEP

    12288:7a9tGEY8ixdHexn1gBRch8yIzWT0i6J6AWpj9OC66WG2bYEo95BGnGi1zNEVPQS5:W9wKYexOPX60iaWpj9h6e2bYLGRxMuIP

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      87789c597728e9738862ee3441c2f29a8c6f66e9da6bbb3c7eaab55071cff321

    • Size

      877KB

    • MD5

      a81765d898e7332ba29150aa446c57a8

    • SHA1

      8bd50e9dd2b7c23b1f99bb862b0671110d46c4fc

    • SHA256

      87789c597728e9738862ee3441c2f29a8c6f66e9da6bbb3c7eaab55071cff321

    • SHA512

      1c3002051f1c5bb6a042ac0dc348db835670ce4b246036dd1f2c699ff68ed73413d9e4ec0f9cbe9c0977627972a0c946bcfc210f7f2b0a617ebe18c0d6234cb2

    • SSDEEP

      12288:7a9tGEY8ixdHexn1gBRch8yIzWT0i6J6AWpj9OC66WG2bYEo95BGnGi1zNEVPQS5:W9wKYexOPX60iaWpj9h6e2bYLGRxMuIP

    Score
    8/10
    vmprotect

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks