Overview

overview

8

Static

static

傲世中变.exe

windows7-x64

8

傲世中变.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ec8dc6e155e2a91bb4b99476efaae06c330fe6270c9d34b30e67c2841145bfe

  • Size

    3.2MB

  • Sample

    221126-fnkaasgf5y

  • MD5

    380823d5dcff4367ec334510875fc23d

  • SHA1

    c710012ceea6dc0f5739f634010cd6ece3435701

  • SHA256

    0ec8dc6e155e2a91bb4b99476efaae06c330fe6270c9d34b30e67c2841145bfe

  • SHA512

    4bb5f2c1666dbc2a4f6526a13ab909268c61b4b2f4f0777c740e4e09a2bd3b541c75cc038c31d4c6d127d93264b14e64fe5ff3f797e3406de1858f55d9e07214

  • SSDEEP

    98304:GWVdgpUcxS3zlWICLn8LFIJ3xT8HwLhpZK6IvuBNGsna:nVdgpUVzI3Lxx1KPuXGsa

Score
8/10
aspackv2persistencevmprotect

Malware Config

Targets

    • Target

      傲世中变.exe

    • Size

      3.2MB

    • MD5

      a87419a7b8cd42c04abc321896475347

    • SHA1

      6849c85576f911e7b4db746ceefa74845f4d7bdc

    • SHA256

      761c471e80d3c44febc76a8f7108744fd1aa07b646d5f37c7608714c1a8c42d6

    • SHA512

      47082bc2fe9aacb2dcce925c775a939c6f57cdba202dd07d7a160e5401d42e650e46c3d46d0d85aceb05d6249f1f652b16d2cd06fbfaba9eb7343676cecb1a8a

    • SSDEEP

      98304:Gc//////ArnXSjOFrpgpu4iBM2YlLatY3gb4qXzDuxTyqm:WrnXSSFrpgc41Jlmt8/qXuxT8

    Score
    8/10
    aspackv2persistencevmprotect

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Sets DLL path for service in the registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks