Overview

overview

8

Static

static

8

259c9ff2c5...fe.exe

windows7-x64

8

259c9ff2c5...fe.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    259c9ff2c55d9389d6f8f27cf8c205813aff70b7d41af1fa8deb65e8cfcaabfe

  • Size

    4.1MB

  • Sample

    221127-eymyhahe82

  • MD5

    7f9d6e2d6abd0822a026cb9158b678ea

  • SHA1

    d327e6ae351a3ee537d7f68856b787b934f56523

  • SHA256

    259c9ff2c55d9389d6f8f27cf8c205813aff70b7d41af1fa8deb65e8cfcaabfe

  • SHA512

    69e17ba18a1836b99a9f07f6436cfb1f58c1e61dbe80a210cd41adc1c9715833a8b675137c6058760e3d617c95f6f99d9850848b6bd451ffa425e27bbde8cce8

  • SSDEEP

    98304:q4BJn6JhCv3RxR2xKT9JzbzwlKvm8+WTIETnrMZrK1/1xBSxGtZyj3/YywEx3mmg:qG5LR2xKxtfwlKvmFW9rMZro1kOyEt2g

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      259c9ff2c55d9389d6f8f27cf8c205813aff70b7d41af1fa8deb65e8cfcaabfe

    • Size

      4.1MB

    • MD5

      7f9d6e2d6abd0822a026cb9158b678ea

    • SHA1

      d327e6ae351a3ee537d7f68856b787b934f56523

    • SHA256

      259c9ff2c55d9389d6f8f27cf8c205813aff70b7d41af1fa8deb65e8cfcaabfe

    • SHA512

      69e17ba18a1836b99a9f07f6436cfb1f58c1e61dbe80a210cd41adc1c9715833a8b675137c6058760e3d617c95f6f99d9850848b6bd451ffa425e27bbde8cce8

    • SSDEEP

      98304:q4BJn6JhCv3RxR2xKT9JzbzwlKvm8+WTIETnrMZrK1/1xBSxGtZyj3/YywEx3mmg:qG5LR2xKxtfwlKvmFW9rMZro1kOyEt2g

    Score
    8/10
    vmprotectpersistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks