Overview

overview

10

Static

static

8

23979fef41...b4.exe

windows7-x64

10

23979fef41...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23979fef41098205fb4f66e2b8a02b9ff76da78baf626a0a3ded3843c43ab6b4

  • Size

    166KB

  • Sample

    221129-mdys9sab79

  • MD5

    d0e8680537bfb431ababe0a74d090d8c

  • SHA1

    55232def484da9ae466eca50fa8060a11987a88f

  • SHA256

    23979fef41098205fb4f66e2b8a02b9ff76da78baf626a0a3ded3843c43ab6b4

  • SHA512

    3fa96ba12d09590d99d5f92265894002f7eb05cb7db5080ed7b1bbfc66e75d6cff4850344ee4e5ce8e9d75683593522f8b167d78c76666b62ddff00faa3de756

  • SSDEEP

    3072:SNPl19U+pzDsZbbGs4SVhfGsysaro7YRl4hWUGjLpbenenbj:SL19UMzQZbbGshVhfGscLRlqWrfte8

Score
10/10
evasiontrojanvmprotect

Malware Config

Targets

    • Target

      23979fef41098205fb4f66e2b8a02b9ff76da78baf626a0a3ded3843c43ab6b4

    • Size

      166KB

    • MD5

      d0e8680537bfb431ababe0a74d090d8c

    • SHA1

      55232def484da9ae466eca50fa8060a11987a88f

    • SHA256

      23979fef41098205fb4f66e2b8a02b9ff76da78baf626a0a3ded3843c43ab6b4

    • SHA512

      3fa96ba12d09590d99d5f92265894002f7eb05cb7db5080ed7b1bbfc66e75d6cff4850344ee4e5ce8e9d75683593522f8b167d78c76666b62ddff00faa3de756

    • SSDEEP

      3072:SNPl19U+pzDsZbbGs4SVhfGsysaro7YRl4hWUGjLpbenenbj:SL19UMzQZbbGshVhfGscLRlqWrfte8

    Score
    10/10
    evasiontrojanvmprotect

    • UAC bypass

      evasiontrojan

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks