General

  • Target

    7db12168db2668990a09c311b611c2f8f6b65451f48d92ac7a61ebb460a3d736

  • Size

    541KB

  • Sample

    221126-ae4dxsgf56

  • MD5

    c12eff8d72d6a7d0bccd4c3947ba1271

  • SHA1

    351fee49a5207d1f16ddc036294b74cc98f06690

  • SHA256

    7db12168db2668990a09c311b611c2f8f6b65451f48d92ac7a61ebb460a3d736

  • SHA512

    314402d330f0c01b131fcc78287472ee496120c9ba526b87438908fd85000a771ebb11386392bf6ff2fba8c3a08179e6cf9c8a7b50b10dd4d7cb07dc1de81c37

  • SSDEEP

    12288:gKXAyRw6k2wnnA9UhcOsyj/kidgR6ncbGUTLyEud6p2Qh5zb:6yRw6k20WU6yAp6cV3txh5zb

Malware Config

Targets

    • Downloads MZ/PE file

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks