1c307877b29bfa741b365fa9a05373160ad5bf98608de2a847a4b8231174d1de

Sharing

Copy URL

Twitter E-mail

General

Target

1c307877b29bfa741b365fa9a05373160ad5bf98608de2a847a4b8231174d1de
Size

7.3MB
Sample

221126-v2h2qabe73
MD5

c4783d1f7c68d86b10c4df39d0c0ac00
SHA1

48d1d59bab611e9cd768829aba6d41ec5d0b8df1
SHA256

1c307877b29bfa741b365fa9a05373160ad5bf98608de2a847a4b8231174d1de
SHA512

00b972eb8c53cf7e9c4b4b1795b685d136cf1bfd59691ad88a5578145d73bcbf4a24119c3588e7bd2ae51f759142129b0077f1439a8a075016c2510f2c770b8b
SSDEEP

196608:S3vJtiTHzCllvJtiTHHOq1R3vJtiTHzUqlQ3RRp:AteHzGteHH9teHzYp

Score

8^/10

vmprotect

Malware Config

Targets

- Target
  
  FastVerCode.dll
- Size
  
  76KB
- MD5
  
  afbd7ce0444d74992c3a7ba2c6856819
- SHA1
  
  1fe1ec080a42387b2d7c3f93a85e3b01ef833127
- SHA256
  
  360219f58aed55df91f745ab1b6b0ea3119e38cab6ba9177bb934bb870e1de8a
- SHA512
  
  a5d974786c629374f1a4b1c96656bf78995b021b2876328ef2d125f4fcb823d763c189688de39aa66143e33cf4555bcfd7ca1a8b8e151de734b856dd1d184847
- SSDEEP
  
  1536:P16i/yx+DQQ2axHoEdcwU5c+xtBuK3kU4:Ei/yxy2axIWavBugkJ
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  c8164876b6f66616d68387443621510c
- SHA1
  
  7a9df9c25d49690b6a3c451607d311a866b131f4
- SHA256
  
  40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
- SHA512
  
  44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1:GibqI59PpOPf201/z7p
Score

1^/10
behavioral3 behavioral4
- Target
  
  Interop.ADODB.dll
- Size
  
  100KB
- MD5
  
  cd3a6224a31d0990694377d72ddffcf8
- SHA1
  
  4f8c9aaaffbe3fb862acc7be9918949e4941df50
- SHA256
  
  4a17ba10cee159d82b521046f49a5cc9c9ee1da668ae028fbf281861b292b991
- SHA512
  
  2e086559c41b25bd508f38d11d6485af45f14854655bb64e5bf9d69f544d4a9d4c6d92cfb10323f452724638cf703b5378fa6a08fe3ebe009dec2f7e72334441
- SSDEEP
  
  3072:czZAHCp0zu6IGlyPMJuDINT35+DNqOtS5z5j3KHrgMEi8:ctAHCp0zu6IGlyPMJuDItpENb8KLgd
Score

1^/10
behavioral5 behavioral6
- Target
  
  Interop.ADOX.dll
- Size
  
  36KB
- MD5
  
  5d99e31fa7c1975e063d47bb215ddcd0
- SHA1
  
  e300962fd2b52783efd041c09d864ae42fee2c9e
- SHA256
  
  c653bea8fc6832db4c74875077c831ec3d3d236886204dd0f2e496323be651ed
- SHA512
  
  7d60df7948335ec293f49b529f144813fb5333fa69ad660e92234eb9865a7244737240192792f762fdcf236e217693278f0094dacba73f28b35b6435b0f75426
- SSDEEP
  
  384:cWECTVueWzFsXyVH50bSIDxmNiJ1hYy4x6LoRfKZwX7Th6wWrniII8mH71/:cWbVuejXQHdkiiJ1G7RfKZwXd
Score

1^/10
behavioral7 behavioral8
- Target
  
  Interop.ADQX.dll
- Size
  
  1.2MB
- MD5
  
  1dd997884ac9ac47cdad4b91e4fb7930
- SHA1
  
  3e68c912b98277e47663b414d7f68772596b2956
- SHA256
  
  77c8df6cee578d12bf492eed9733322c016e5bfe13df4a63d3ae3fc8fccaee66
- SHA512
  
  624f04b06cad900baa79c73a78e0577d6b640ef78680d5d09bfc093e61e05063a5afeec626c84993a3e7cff348f707533ee91e3828acb363109984c26da2a80f
- SSDEEP
  
  24576:i5cO2BGt7zG4TOaeOvDzCpKts64Q6dw9o6b6jY0KNAoH:FO2sfGdOvXCpQK5y90oAo
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral10 behavioral9
- Target
  
  Interop.ADQX64.dll
- Size
  
  439KB
- MD5
  
  e5b46414c35cdac1e003c6c9df6b82b0
- SHA1
  
  07d4c1c465088db0ca97be43282455382f09dfdc
- SHA256
  
  56a07b2db5ae459cfab072ff7677934b6e46eeac6f36330bf3e62b6c6df27623
- SHA512
  
  e0cc4259980f46c1f3c65b320b2727fcad20809122c7b9b453b3926f2a13c752fdd7feb8a128652465ed3085c094997692b65c810bf5bd692a5af02d5f81bda4
- SSDEEP
  
  6144:7hi37SC//ZTEN2cT8NOyvqA0DlID8zkDDmETZOD7EzJcCmSTK79:g/BEN2DQ+HoaDmET64zuRt
Score

1^/10
behavioral11 behavioral12
- Target
  
  Interop.JPO.dll
- Size
  
  103KB
- MD5
  
  56956d2d96bcdc82ed6a6781591bc039
- SHA1
  
  4bbfc022bd9a891f539779e1a047c640e57e473d
- SHA256
  
  0864b2db89af9a38c4307b79f586c75c6c8ab5ea9c3ffa1f28e2be8428c498d7
- SHA512
  
  1d53268dbbaf3050995af5e15b5a8f77ac5bbacbbded79f5c9518b8e9ab7ff3871079bea840e4274c7f23c2d596014188ecf27da01c8518821e91e091b4308b1
- SSDEEP
  
  1536:LN403VlOLYya6Rsd8ZP2yMGqr9OXpxX4ailPCJDdYMI0eqIeFyR1uEs+fXoO2bMq:f3VZEjP2wqYjOK4MjNI6EFfXoO2bMq
Score

1^/10
behavioral13 behavioral14
- Target
  
  Interop.JRO.dll
- Size
  
  9KB
- MD5
  
  d0f93a924b39033330bbb4773eae8aba
- SHA1
  
  ff32d13c54add617aacd5800afbe6227e1b1b6ef
- SHA256
  
  3ad1a7015fa2f1320c242f5725f2cf1311bfd5927f2feb95812691136ffbc46d
- SHA512
  
  44193cb7200ae9c2ed0dc4d11ac210fb8d8bc908acdcac0a3d3a69c5aed7eb982da5a4527050cff6b5903d959c706b1b963264eb3bb0dbcd50c6c44432ee093c
- SSDEEP
  
  96:fGdIIVk0WXq5S55KzS11HBbUw/DNEb7SPF/1E+54SGqBm4FHfnxkEsQkExar6RZx:fQWXaS5MSdbX/BzPszSGqBm4+CnZ
Score

1^/10
behavioral15 behavioral16
- Target
  
  UUWiseHelper.dll
- Size
  
  159KB
- MD5
  
  ab250ee54abc6c32975a544e9aafd661
- SHA1
  
  be850caea2e01544ed948b66d62785f4215cb0d8
- SHA256
  
  8eb01061f3815509a7e5d4d9010ace0e35fdd75597f22bb477e6caac6cd7d7d4
- SHA512
  
  54a58ccd07191018c3c3f6c06098e59dfe23b5a39347b9252710003e4f4296ff04a8905e05779e0e26b04f448945b2fb5168f1c24a3d250062f81e599db2c399
- SSDEEP
  
  3072:oOn5cODBo4yMAyqstJH0jC4i/E+0TtXW85ROsx:oaSsgbstJHf8DH
Score

3^/10
behavioral17 behavioral18
- Target
  
  dl.dll
- Size
  
  4KB
- MD5
  
  e086344655dcde60ffb606cda68e2d79
- SHA1
  
  440711a5c0e5e4e429431586e956ca94a554e2f0
- SHA256
  
  ec116ea9ca7fdc97366c5006d042b18a8ff73f0ecca4a848d6698f6ec59abe73
- SHA512
  
  69a5bb53351aa62cc513cbb640e37ad23eda5cfe0eb2f6f3558dc976dbdd7b893f166e792a3486fe7fa06d638f30a9c3b78a616a189aa62345f8ab1f3ae6ceb1
- SSDEEP
  
  96:RpNX+/tUNm4k7uozso2RyUVcBvZiQ0E2o8Wb6k0wqgMO:RpNpC7ucso2AMYhiWF505M
Score

1^/10
behavioral19 behavioral20
- Target
  
  irisskin2.dll
- Size
  
  552KB
- MD5
  
  ffa9a1c63b57e9e49e8d0299477fa4d9
- SHA1
  
  e90d631dd5a92a6a946e1d9a34f6c81975b02231
- SHA256
  
  351b228d50b209a9ecacdff5c880100500d2cd9b1db72345f1ec6a8232b9054c
- SHA512
  
  b27b85f2f72093f5dd2f0a9cd7087d867f46c1aecbb0a3d131d3e711230fbefc380deec54aa84e15c2658393c15f7cc863f2931f8801d8273d301a174e5ed8a5
- SSDEEP
  
  12288:EM3mUCSYOdKlXNjLAnkKRPyFzsvex6aNf:EeCtss9ak1JsvI9F
Score

1^/10
behavioral21 behavioral22
- Target
  
  qq_post.exe
- Size
  
  1.1MB
- MD5
  
  2c2bbff1623e1bd5e6b95238b5ec414f
- SHA1
  
  23bd5122c3d3f08e964ed93320884d84ecdb51ae
- SHA256
  
  5bffd08245765c4d876206118abfd46b7936a42feeecb30e39ae39f643f4fba1
- SHA512
  
  f9997f610ab760b3785f18efb04726ca1f496a14fd59c0f1b9b507fb3015d3e5b24c12f1f8071d254fe0ab69392452b8dfed0643452270eb3636ab1625f0dbda
- SSDEEP
  
  12288:n4WXqVFRvFY4VfReChGGejOlqKD2yWLX7OImIlphyZCskWX2cujU:n4W6VFWlIX5uj
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral23 behavioral24
- Target
  
  qq_post1.4/FastVerCode.dll
- Size
  
  76KB
- MD5
  
  afbd7ce0444d74992c3a7ba2c6856819
- SHA1
  
  1fe1ec080a42387b2d7c3f93a85e3b01ef833127
- SHA256
  
  360219f58aed55df91f745ab1b6b0ea3119e38cab6ba9177bb934bb870e1de8a
- SHA512
  
  a5d974786c629374f1a4b1c96656bf78995b021b2876328ef2d125f4fcb823d763c189688de39aa66143e33cf4555bcfd7ca1a8b8e151de734b856dd1d184847
- SSDEEP
  
  1536:P16i/yx+DQQ2axHoEdcwU5c+xtBuK3kU4:Ei/yxy2axIWavBugkJ
Score

8^/10
- Blocklisted process makes network request
behavioral25 behavioral26
- Target
  
  qq_post1.4/ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  c8164876b6f66616d68387443621510c
- SHA1
  
  7a9df9c25d49690b6a3c451607d311a866b131f4
- SHA256
  
  40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
- SHA512
  
  44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1:GibqI59PpOPf201/z7p
Score

1^/10
behavioral27 behavioral28
- Target
  
  qq_post1.4/Interop.ADODB.dll
- Size
  
  100KB
- MD5
  
  cd3a6224a31d0990694377d72ddffcf8
- SHA1
  
  4f8c9aaaffbe3fb862acc7be9918949e4941df50
- SHA256
  
  4a17ba10cee159d82b521046f49a5cc9c9ee1da668ae028fbf281861b292b991
- SHA512
  
  2e086559c41b25bd508f38d11d6485af45f14854655bb64e5bf9d69f544d4a9d4c6d92cfb10323f452724638cf703b5378fa6a08fe3ebe009dec2f7e72334441
- SSDEEP
  
  3072:czZAHCp0zu6IGlyPMJuDINT35+DNqOtS5z5j3KHrgMEi8:ctAHCp0zu6IGlyPMJuDItpENb8KLgd
Score

1^/10
behavioral29 behavioral30
- Target
  
  qq_post1.4/Interop.ADOX.dll
- Size
  
  36KB
- MD5
  
  5d99e31fa7c1975e063d47bb215ddcd0
- SHA1
  
  e300962fd2b52783efd041c09d864ae42fee2c9e
- SHA256
  
  c653bea8fc6832db4c74875077c831ec3d3d236886204dd0f2e496323be651ed
- SHA512
  
  7d60df7948335ec293f49b529f144813fb5333fa69ad660e92234eb9865a7244737240192792f762fdcf236e217693278f0094dacba73f28b35b6435b0f75426
- SSDEEP
  
  384:cWECTVueWzFsXyVH50bSIDxmNiJ1hYy4x6LoRfKZwX7Th6wWrniII8mH71/:cWbVuejXQHdkiiJ1G7RfKZwXd
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

VMProtect packed file

VMProtect packed file

Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32