General

  • Target

    f5a58c883ae4533e9f05a18a459244006fa511fb4885710c217b039cea92fc4a

  • Size

    561KB

  • Sample

    221127-ehjadage83

  • MD5

    5038ea3c8da7e50c2cc49c0ac49c4557

  • SHA1

    f1cce47014cff7f9c9779cf0989acc49541cc393

  • SHA256

    f5a58c883ae4533e9f05a18a459244006fa511fb4885710c217b039cea92fc4a

  • SHA512

    3ee31a0464dcbf0d36f9a9fb037a881e24bb4bf6b7db93a4784c9e38bcfaeecfc42e08dc7c8fc0ed7a225816c090a88d2b9156147a3ea0972781a78d30728482

  • SSDEEP

    12288:GQA1HKlCFhJtM7e5IJDDXx527UAjuDrj3hKy63KG1mDpS4:KRFWIIJve7Uucp6yDg4

Score
8/10

Malware Config

Targets

    • Target

      cftyfzhq/[散人]CF体验服转换.exe

    • Size

      612KB

    • MD5

      884a33ef39413276cb6d2e29491ad852

    • SHA1

      61713c42ce4b3373d74565c095459404677ca25b

    • SHA256

      fee51477c9805fe9dc1a1cda9c598fa6b853fb60fafce4d4a4a4002a0cf901d3

    • SHA512

      1efec4e0bb48b100260a595608015bf0a4dff8349105f3d67a5d5c657c570399f59f0785aef1a78d7777c0d636da14d7cd65ad9eeb526563f2924b8f8e9ea3b6

    • SSDEEP

      12288:gXvVbUISJIl0bwwAMrXUf4lv4+P9EtepRYbcWM635Q+lIn1r1xpZUe84K+gvhH0Z:wNU3c00CrX3vTP91DY3bJQIIn1r1xIen

    • Score

      8/10

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
