Overview

overview

8

Static

static

8

481a731ba9...04.exe

windows7-x64

8

481a731ba9...04.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    481a731ba935c8b42d3304476a9977888b3649dc797e6817d8c4854cb3aa0604

  • Size

    106KB

  • Sample

    221129-lberyaaa2w

  • MD5

    1011b88ddcca478ae5545598bbe7a860

  • SHA1

    5094d9b90ad9ce3e6fd8490dbf94dfd7e21070e2

  • SHA256

    481a731ba935c8b42d3304476a9977888b3649dc797e6817d8c4854cb3aa0604

  • SHA512

    71fad2ef8d073cf84b4a13d78f7fd9cf245eb7b7feb4bc843378d6acff136a5c23b73ddde52ad06559ae1c1d036540bb384979ac78ac9f3feb94335552dcedbd

  • SSDEEP

    3072:7YBjzosGnQpOe237XE35XeE79enCiM5cEwDjAS+p:XsGQwb37XE3ZeykGnqES+p

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      481a731ba935c8b42d3304476a9977888b3649dc797e6817d8c4854cb3aa0604

    • Size

      106KB

    • MD5

      1011b88ddcca478ae5545598bbe7a860

    • SHA1

      5094d9b90ad9ce3e6fd8490dbf94dfd7e21070e2

    • SHA256

      481a731ba935c8b42d3304476a9977888b3649dc797e6817d8c4854cb3aa0604

    • SHA512

      71fad2ef8d073cf84b4a13d78f7fd9cf245eb7b7feb4bc843378d6acff136a5c23b73ddde52ad06559ae1c1d036540bb384979ac78ac9f3feb94335552dcedbd

    • SSDEEP

      3072:7YBjzosGnQpOe237XE35XeE79enCiM5cEwDjAS+p:XsGQwb37XE3ZeykGnqES+p

    Score
    8/10
    persistencevmprotect

    • Sets DLL path for service in the registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks