120550fcc0d7eaf24bfdac08615b1bdad4d79ea0fd2bc0dac7048d0beb3b3a7d

Sharing

Copy URL

Twitter E-mail

General

Target

120550fcc0d7eaf24bfdac08615b1bdad4d79ea0fd2bc0dac7048d0beb3b3a7d
Size

2.3MB
Sample

221126-v1b7sabd98
MD5

ea39371d7754729d7b3064f072f648e8
SHA1

5da68a9f0a09592b63fe1f20a3179a736f6178b1
SHA256

120550fcc0d7eaf24bfdac08615b1bdad4d79ea0fd2bc0dac7048d0beb3b3a7d
SHA512

b826a10f0f1caa654264805a19022ef368088373d98b5cc66141ddf7bfdc862ba730b9809bf2924be315a2a9ef97e4c9dca2f7416c086885c470453c8584c96b
SSDEEP

49152:/+aAZ3kI52oJayxjR+j2W1xU0h48oyWF9XbICaz0ay7I878+oet6hrt:/+a+3F2oJayFRwTU0hpQ+CawaKIZ/B

Score

8^/10

vmprotect

Malware Config

Targets

- Target
  
  FastVerCode.dll
- Size
  
  76KB
- MD5
  
  afbd7ce0444d74992c3a7ba2c6856819
- SHA1
  
  1fe1ec080a42387b2d7c3f93a85e3b01ef833127
- SHA256
  
  360219f58aed55df91f745ab1b6b0ea3119e38cab6ba9177bb934bb870e1de8a
- SHA512
  
  a5d974786c629374f1a4b1c96656bf78995b021b2876328ef2d125f4fcb823d763c189688de39aa66143e33cf4555bcfd7ca1a8b8e151de734b856dd1d184847
- SSDEEP
  
  1536:P16i/yx+DQQ2axHoEdcwU5c+xtBuK3kU4:Ei/yxy2axIWavBugkJ
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  c8164876b6f66616d68387443621510c
- SHA1
  
  7a9df9c25d49690b6a3c451607d311a866b131f4
- SHA256
  
  40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
- SHA512
  
  44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1:GibqI59PpOPf201/z7p
Score

1^/10
behavioral3 behavioral4
- Target
  
  Interop.ADODB.dll
- Size
  
  100KB
- MD5
  
  cd3a6224a31d0990694377d72ddffcf8
- SHA1
  
  4f8c9aaaffbe3fb862acc7be9918949e4941df50
- SHA256
  
  4a17ba10cee159d82b521046f49a5cc9c9ee1da668ae028fbf281861b292b991
- SHA512
  
  2e086559c41b25bd508f38d11d6485af45f14854655bb64e5bf9d69f544d4a9d4c6d92cfb10323f452724638cf703b5378fa6a08fe3ebe009dec2f7e72334441
- SSDEEP
  
  3072:czZAHCp0zu6IGlyPMJuDINT35+DNqOtS5z5j3KHrgMEi8:ctAHCp0zu6IGlyPMJuDItpENb8KLgd
Score

1^/10
behavioral5 behavioral6
- Target
  
  Interop.ADOX.dll
- Size
  
  36KB
- MD5
  
  5d99e31fa7c1975e063d47bb215ddcd0
- SHA1
  
  e300962fd2b52783efd041c09d864ae42fee2c9e
- SHA256
  
  c653bea8fc6832db4c74875077c831ec3d3d236886204dd0f2e496323be651ed
- SHA512
  
  7d60df7948335ec293f49b529f144813fb5333fa69ad660e92234eb9865a7244737240192792f762fdcf236e217693278f0094dacba73f28b35b6435b0f75426
- SSDEEP
  
  384:cWECTVueWzFsXyVH50bSIDxmNiJ1hYy4x6LoRfKZwX7Th6wWrniII8mH71/:cWbVuejXQHdkiiJ1G7RfKZwXd
Score

1^/10
behavioral7 behavioral8
- Target
  
  Interop.ADQX.dll
- Size
  
  1.2MB
- MD5
  
  1dd997884ac9ac47cdad4b91e4fb7930
- SHA1
  
  3e68c912b98277e47663b414d7f68772596b2956
- SHA256
  
  77c8df6cee578d12bf492eed9733322c016e5bfe13df4a63d3ae3fc8fccaee66
- SHA512
  
  624f04b06cad900baa79c73a78e0577d6b640ef78680d5d09bfc093e61e05063a5afeec626c84993a3e7cff348f707533ee91e3828acb363109984c26da2a80f
- SSDEEP
  
  24576:i5cO2BGt7zG4TOaeOvDzCpKts64Q6dw9o6b6jY0KNAoH:FO2sfGdOvXCpQK5y90oAo
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral10 behavioral9
- Target
  
  Interop.ADQX64.dll
- Size
  
  439KB
- MD5
  
  e5b46414c35cdac1e003c6c9df6b82b0
- SHA1
  
  07d4c1c465088db0ca97be43282455382f09dfdc
- SHA256
  
  56a07b2db5ae459cfab072ff7677934b6e46eeac6f36330bf3e62b6c6df27623
- SHA512
  
  e0cc4259980f46c1f3c65b320b2727fcad20809122c7b9b453b3926f2a13c752fdd7feb8a128652465ed3085c094997692b65c810bf5bd692a5af02d5f81bda4
- SSDEEP
  
  6144:7hi37SC//ZTEN2cT8NOyvqA0DlID8zkDDmETZOD7EzJcCmSTK79:g/BEN2DQ+HoaDmET64zuRt
Score

1^/10
behavioral11 behavioral12
- Target
  
  Interop.JPO.dll
- Size
  
  103KB
- MD5
  
  56956d2d96bcdc82ed6a6781591bc039
- SHA1
  
  4bbfc022bd9a891f539779e1a047c640e57e473d
- SHA256
  
  0864b2db89af9a38c4307b79f586c75c6c8ab5ea9c3ffa1f28e2be8428c498d7
- SHA512
  
  1d53268dbbaf3050995af5e15b5a8f77ac5bbacbbded79f5c9518b8e9ab7ff3871079bea840e4274c7f23c2d596014188ecf27da01c8518821e91e091b4308b1
- SSDEEP
  
  1536:LN403VlOLYya6Rsd8ZP2yMGqr9OXpxX4ailPCJDdYMI0eqIeFyR1uEs+fXoO2bMq:f3VZEjP2wqYjOK4MjNI6EFfXoO2bMq
Score

3^/10
behavioral13 behavioral14
- Target
  
  Interop.JRO.dll
- Size
  
  9KB
- MD5
  
  d0f93a924b39033330bbb4773eae8aba
- SHA1
  
  ff32d13c54add617aacd5800afbe6227e1b1b6ef
- SHA256
  
  3ad1a7015fa2f1320c242f5725f2cf1311bfd5927f2feb95812691136ffbc46d
- SHA512
  
  44193cb7200ae9c2ed0dc4d11ac210fb8d8bc908acdcac0a3d3a69c5aed7eb982da5a4527050cff6b5903d959c706b1b963264eb3bb0dbcd50c6c44432ee093c
- SSDEEP
  
  96:fGdIIVk0WXq5S55KzS11HBbUw/DNEb7SPF/1E+54SGqBm4FHfnxkEsQkExar6RZx:fQWXaS5MSdbX/BzPszSGqBm4+CnZ
Score

1^/10
behavioral15 behavioral16
- Target
  
  UUWiseHelper.dll
- Size
  
  159KB
- MD5
  
  ab250ee54abc6c32975a544e9aafd661
- SHA1
  
  be850caea2e01544ed948b66d62785f4215cb0d8
- SHA256
  
  8eb01061f3815509a7e5d4d9010ace0e35fdd75597f22bb477e6caac6cd7d7d4
- SHA512
  
  54a58ccd07191018c3c3f6c06098e59dfe23b5a39347b9252710003e4f4296ff04a8905e05779e0e26b04f448945b2fb5168f1c24a3d250062f81e599db2c399
- SSDEEP
  
  3072:oOn5cODBo4yMAyqstJH0jC4i/E+0TtXW85ROsx:oaSsgbstJHf8DH
Score

3^/10
behavioral17 behavioral18
- Target
  
  dl.dll
- Size
  
  4KB
- MD5
  
  e086344655dcde60ffb606cda68e2d79
- SHA1
  
  440711a5c0e5e4e429431586e956ca94a554e2f0
- SHA256
  
  ec116ea9ca7fdc97366c5006d042b18a8ff73f0ecca4a848d6698f6ec59abe73
- SHA512
  
  69a5bb53351aa62cc513cbb640e37ad23eda5cfe0eb2f6f3558dc976dbdd7b893f166e792a3486fe7fa06d638f30a9c3b78a616a189aa62345f8ab1f3ae6ceb1
- SSDEEP
  
  96:RpNX+/tUNm4k7uozso2RyUVcBvZiQ0E2o8Wb6k0wqgMO:RpNpC7ucso2AMYhiWF505M
Score

1^/10
behavioral19 behavioral20
- Target
  
  irisskin2.dll
- Size
  
  552KB
- MD5
  
  ffa9a1c63b57e9e49e8d0299477fa4d9
- SHA1
  
  e90d631dd5a92a6a946e1d9a34f6c81975b02231
- SHA256
  
  351b228d50b209a9ecacdff5c880100500d2cd9b1db72345f1ec6a8232b9054c
- SHA512
  
  b27b85f2f72093f5dd2f0a9cd7087d867f46c1aecbb0a3d131d3e711230fbefc380deec54aa84e15c2658393c15f7cc863f2931f8801d8273d301a174e5ed8a5
- SSDEEP
  
  12288:EM3mUCSYOdKlXNjLAnkKRPyFzsvex6aNf:EeCtss9ak1JsvI9F
Score

1^/10
behavioral21 behavioral22
- Target
  
  qq_post.exe
- Size
  
  1.1MB
- MD5
  
  641cc768cca07c32e5fb3250299661a8
- SHA1
  
  4a8ccc4f8c864ec627d2a5df6b87c43ff6c45578
- SHA256
  
  4dfe9134a35c3cea04e73ee86e490d25fb8340b6640814912497d999bc328648
- SHA512
  
  d4dc9ee5fc4e3c0a445192328fb44bf029f7699e3739b6628d763e40db7c05ba3301275a51561d9b30222c0a3992cabb39fafd0b674e89595bbdba05845677cd
- SSDEEP
  
  12288:NCVFRHFP1hoG8y+xvfrqTmwnvGrjD2lhiZwpbVIlL/QoNBjUZqdAutKhXiVjgDR:NCVFzC9QAUZAVtKhw
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral23 behavioral24
- Target
  
  QQȺӪ.exe
- Size
  
  81KB
- MD5
  
  72d8e2c1558a77e90a1274177b16a65c
- SHA1
  
  5c54277fa87e43596a58bb2b1fea23147e55b36f
- SHA256
  
  5cbb6f8f780c1169ee530f9f74b319ea40b22aac28c67ea9fcd7327f0de90b4e
- SHA512
  
  c7350797c3951d1d0c31c5a9d61744bd2da12fc0b478ff8196910814edbd2b0d42dd0f79ddf3ff4d77a948e72cb2a61e938e01c8e26953b275da343543da9f9a
- SSDEEP
  
  768:Vhttdb3QKIwlUar5RrbHjBGNfMT+Lde7yvGq:VbkK5lUar5RrbHjBGuKe7wD
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

VMProtect packed file

VMProtect packed file

VMProtect packed file

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26