Overview

overview

8

Static

static

8

[ID] Pegasus.exe

windows7-x64

8

[ID] Pegasus.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1412fa44de773bc5e4e694a067bfea1eae442941eaa5312cd64ea020e4c4f5a

  • Size

    1012KB

  • Sample

    221126-f2w61seb76

  • MD5

    36e8615ed5b6bac3c0dda3186bce8cc9

  • SHA1

    84655ac46b49e474b0e6fee4a663784e58341565

  • SHA256

    e1412fa44de773bc5e4e694a067bfea1eae442941eaa5312cd64ea020e4c4f5a

  • SHA512

    c9c7c5125d45ee5dbdcde7cee46447279481a37db955238ec455e96573387d6fe519c09248e5841904f199ece05f353d14743e43ddbc211e1ded1e05b0a53675

  • SSDEEP

    24576:jQmn7JFuQlITEzULi3g7jqxoeoeeBMOYO/EKpLr6epHrTTvqcK3X:EuigIIzULi3eOxn15O/EKpLN1jqcK3X

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      [ID] Pegasus.exe

    • Size

      1.0MB

    • MD5

      8b6ff5bb2418b7521bcfe5e493d9df7c

    • SHA1

      10808bf646b731e77bf3f168fd71e926e83970e9

    • SHA256

      12440486a55e0efecbd9462f85369f09326bccc25e32dded10ff96e7115ae73c

    • SHA512

      f83faf758e583415039e09243fdc4aa37482b67dc37def34c4095f8a9b33d8bf2dda60940398cdbba348305dd9600cd7d409e5185cb381358f8b554a0384863d

    • SSDEEP

      24576:K8p9It29WwIV0JwCs8GYtMbfklY8fHNEsjdqfFUrXbewXqLwbWq+5Yl:K83I0VIaJrHMbfsB5XvXwh

    Score
    8/10
    vmprotect

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks