General

  • Target

    804c907fc99134e018d6fcb4371b65826633c0184f8976fe4a24d19803203d78

  • Size

    400KB

  • Sample

    221129-hwx78sff93

  • MD5

    ea48a9ca64f7418365b9604aa7a97aeb

  • SHA1

    795340a02494d3ff0406e5139fa4027189912676

  • SHA256

    804c907fc99134e018d6fcb4371b65826633c0184f8976fe4a24d19803203d78

  • SHA512

    e04b7eb4e10bdf4f8babbae1439f6a78e6e8721bb7c47301eafe1a5e410abdf8bf604aa89db53409eba2a76bacd6f636a77169e15f4b73106eadaa3cee00f7ac

  • SSDEEP

    6144:HJqr5L3BT9qj8tfRlIgVVu+z1J+x3DdHO2kju9m8nlm96+igw:HJ03BBFdXrj53+ZRHOvjumclnxB

Malware Config

Targets

    • Drops file in Drivers directory

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection
    • Command and Control
    • Credential Access
    • Defense Evasion
    • Execution
    • Exfiltration
    • Impact
    • Initial Access
    • Lateral Movement
    • Persistence
    • Privilege Escalation