Overview

overview

8

Static

static

8

eOWDJmB3Qt.exe

windows7-x64

8

eOWDJmB3Qt.exe

windows10-2004-x64

8

Resubmissions

25-11-2022 11:39

221125-nslmxseb32 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eOWDJmB3Qt.exe

  • Size

    3.4MB

  • Sample

    221125-nslmxseb32

  • MD5

    a198d2e7ddac7c3d381da9b2e5446142

  • SHA1

    61aff012de5ac9eb5247f182320b1df434a22c93

  • SHA256

    f432910b309b296e4cf2e662092657060f0e24222ccf1239a67c69b9db8daf68

  • SHA512

    6e661c2c46ea0f57dc0dafe0e01bc32258d740d9938bec27b7558ae020ff51cdfd41351df52b06da86f25dc59c318fa37660b7da51ad34dd69b0f8bcbcb6b44a

  • SSDEEP

    98304:ZBvIB2CVEqzsJGwUv6Fvx6KW2wBBJIdnjjgI8D:ZekJGwUi1WMjjW

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      eOWDJmB3Qt.exe

    • Size

      3.4MB

    • MD5

      a198d2e7ddac7c3d381da9b2e5446142

    • SHA1

      61aff012de5ac9eb5247f182320b1df434a22c93

    • SHA256

      f432910b309b296e4cf2e662092657060f0e24222ccf1239a67c69b9db8daf68

    • SHA512

      6e661c2c46ea0f57dc0dafe0e01bc32258d740d9938bec27b7558ae020ff51cdfd41351df52b06da86f25dc59c318fa37660b7da51ad34dd69b0f8bcbcb6b44a

    • SSDEEP

      98304:ZBvIB2CVEqzsJGwUv6Fvx6KW2wBBJIdnjjgI8D:ZekJGwUi1WMjjW

    Score
    8/10
    persistencevmprotect

    • Sets service image path in registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks