Overview

overview

8

Static

static

8

963453be32...63.exe

windows7-x64

8

963453be32...63.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    963453be32b03d84d70492a69a6a7d83d1245377627799a2e327b5105a9d8a63

  • Size

    2.6MB

  • Sample

    221125-h9adbsah33

  • MD5

    05d5981642e6cd89a646b1854be683e6

  • SHA1

    0d987ced733fbf76a4623176c503802d2cfe3932

  • SHA256

    963453be32b03d84d70492a69a6a7d83d1245377627799a2e327b5105a9d8a63

  • SHA512

    1c3250c03d1e88db47cc5fe07eab550dfb2598b89945f5e6754413f7a26b5949d996cd5ef4f616bb2c5a78e1c95f46eda1eec000e8ac40e16490281503baa7b5

  • SSDEEP

    49152:9RQi1iyA3ePyFmITaqZ4juFqR0axwwed/TPY/7N/1Xx2Wp+:wF93cQmjA4aI0aSfOPXx

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      963453be32b03d84d70492a69a6a7d83d1245377627799a2e327b5105a9d8a63

    • Size

      2.6MB

    • MD5

      05d5981642e6cd89a646b1854be683e6

    • SHA1

      0d987ced733fbf76a4623176c503802d2cfe3932

    • SHA256

      963453be32b03d84d70492a69a6a7d83d1245377627799a2e327b5105a9d8a63

    • SHA512

      1c3250c03d1e88db47cc5fe07eab550dfb2598b89945f5e6754413f7a26b5949d996cd5ef4f616bb2c5a78e1c95f46eda1eec000e8ac40e16490281503baa7b5

    • SSDEEP

      49152:9RQi1iyA3ePyFmITaqZ4juFqR0axwwed/TPY/7N/1Xx2Wp+:wF93cQmjA4aI0aSfOPXx

    Score
    8/10
    vmprotect

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks