1a3050028af1dea85c09585eda56e2f76c8f0e77e369c2f8ab567e289147c060 | Triage

Sharing

General

Target

1a3050028af1dea85c09585eda56e2f76c8f0e77e369c2f8ab567e289147c060
Size

8.5MB
Sample

221126-w86a9seg76
MD5

5a873447f1397233c97dc007f19d1863
SHA1

38e314aabfc0232020590ee85be7d6affa04b836
SHA256

1a3050028af1dea85c09585eda56e2f76c8f0e77e369c2f8ab567e289147c060
SHA512

e8cb7c1386ffe00f1ac47a08f63e256319bf4bb595ae710c4265b5d4248e4eeb0cbc405c63e16c055f5ed3c37de9da91f530b72a1e8057e28d930d95e2bd77dd
SSDEEP

196608:KaeTnw+HQdHM5NiZKHaVsqYf2YmkISuFWS0nFL7Cv4LM5c12Ko:72nfGMXis3Je2ru4S0FLiVT

Score

8^/10

vmprotect

Malware Config

Targets

- Target
  
  DNBInternal.dll
- Size
  
  2.8MB
- MD5
  
  b83ee93d6548da1441d154f7ff33026b
- SHA1
  
  de3cc41655e549c37798d9ec8151c4b536db7779
- SHA256
  
  fc8afb07c03548cbc257576aad4e637506b669f068642943ddaa4c9a806a8c89
- SHA512
  
  13b161f15c57f32da5506d2406fcdeb4a84e4634dc3bf7b3d968c0979b4bcf5c07a5a14b091e9e1a35803846a1c9deda139a6fb2eff604716e813aaa695cf83c
- SSDEEP
  
  49152:KtRfbkWEVG3EOv/ViBlCat/Yi3XhOqLdpsdP0ZvMgRNG5i/Unw8eVA721IeRu3om:4RwrE33v/Lat/YiDxpI01RNL/X8eVP1o
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2
- Target
  
  superec.ProcessMemory.sys
- Size
  
  3KB
- MD5
  
  7fc8f430b830c119640c606de9bb907c
- SHA1
  
  d9344f89a9d0d6fdc4629f64e8387d86f67b76e0
- SHA256
  
  bec02a2c50d37bc4af67b7797230a9ed7018d26170d71becc77e99054e72acec
- SHA512
  
  f68bb705b1f33d6f58e93f3b1184a32b588f56d41722372d168b0cada8f54f2838558cd000486983167c4e0fd9a66a6b1ff56a8aacc69dc9573280223c9841f6
Score

1^/10
behavioral3 behavioral4
- Target
  
  ڲ.exe
- Size
  
  5.8MB
- MD5
  
  e9aa2f4fb70cdd6d51c740b52dc8725f
- SHA1
  
  a94785c80242835dd6340ce7052096b8a942efd7
- SHA256
  
  9aec45546fe5a83f64cc0621a6e7f25304a880feef45a67f8d7f574513620824
- SHA512
  
  cd905abb6c4645d05b8f672388d0c8f75aaaea2bde916e3bf9ae4b2c0a5ae61236485fda4df0367ea0098c9a7e4f7612c4ca0251d9ac98275ebae1f06ba16204
- SSDEEP
  
  98304:gFrCFggZsx0a818+oWxAxTPOsRJAoR9MUOW3dI7BYYnSHlJaLysS4Q/gjq2N:hFgUsCPdoZwoQUttIaYSzaLystb
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral5 behavioral6
- Target
  
  ȵ.EXE
- Size
  
  116KB
- MD5
  
  5acdbde1906b8594bda7632833b750bf
- SHA1
  
  8f63117a5d0326ac80ef477c262608bc6cb0f4c3
- SHA256
  
  4cbe7440076d448a603618077552ff4fa70a524668938fc23a1512834069de15
- SHA512
  
  555dac5b4880c8112c6e0376fdd59855db214f8845348ac053a76695a60be501097564c0b6f3f0f6622d2b286ce1af9680ed49ca89f7e1a0f6ddc9376b49396a
- SSDEEP
  
  1536:Ld+ixw+o8mTEmZ4Ife32kuCO0jWWarHWQuajofDijaptI:jwFmFIfD8O88GGofD1ptI
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8