Overview

overview

8

Static

static

8

8a2a2ae4dd...88.exe

windows7-x64

8

8a2a2ae4dd...88.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    8a2a2ae4ddcf50af4423dc0bc683f65d3f251b634c83c3930590f2c544deb488

  • Size

    122KB

  • Sample

    221203-akw7ssca5w

  • MD5

    d92a608d0ad6ed60bc973c8a845e9cfe

  • SHA1

    cfae227f6af799f2042da5632f7cae2028cdf0c3

  • SHA256

    8a2a2ae4ddcf50af4423dc0bc683f65d3f251b634c83c3930590f2c544deb488

  • SHA512

    c8c64acfef5cff2d36b4c4d6ef0e4690cbe2f1cf3ed10f6f8565ac6c4fc3a21e6751a1e9c137fe47881afd862b3a742c8dfc18db44d5d569ed40a169b253604b

  • SSDEEP

    3072:CnDHH47khTSHz4dwqKdM6i4JGpZh37uLjudqz9d0kD:CDn440zt46i4EruLorkD

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      8a2a2ae4ddcf50af4423dc0bc683f65d3f251b634c83c3930590f2c544deb488

    • Size

      122KB

    • MD5

      d92a608d0ad6ed60bc973c8a845e9cfe

    • SHA1

      cfae227f6af799f2042da5632f7cae2028cdf0c3

    • SHA256

      8a2a2ae4ddcf50af4423dc0bc683f65d3f251b634c83c3930590f2c544deb488

    • SHA512

      c8c64acfef5cff2d36b4c4d6ef0e4690cbe2f1cf3ed10f6f8565ac6c4fc3a21e6751a1e9c137fe47881afd862b3a742c8dfc18db44d5d569ed40a169b253604b

    • SSDEEP

      3072:CnDHH47khTSHz4dwqKdM6i4JGpZh37uLjudqz9d0kD:CDn440zt46i4EruLorkD

    Score
    8/10
    persistencevmprotect

    • Sets DLL path for service in the registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks