b249a1bd5bbe204d628eb153a9205c85dd1a7702b899f9e12e269c7adb6d0a12 | Triage

Sharing

General

Target

b249a1bd5bbe204d628eb153a9205c85dd1a7702b899f9e12e269c7adb6d0a12
Size

182KB
Sample

221203-hze6tsed39
MD5

793f7f566c83cf642cf511a3b9d40f20
SHA1

a79403fdc51f3968f08e6910e6e77b723b1b6333
SHA256

b249a1bd5bbe204d628eb153a9205c85dd1a7702b899f9e12e269c7adb6d0a12
SHA512

bc58dac7b6a607d9b33491d7334b509c4280de27c02792f2663a324a193ea79ef858076dce2565b087fd594e2987da795b752cd0e087a9ab2063a4adb9dbd1f0
SSDEEP

3072:kgUxT0GrZD0jbbpu4S5xxoysqDv2DI+NPB2+lf4HbEE6KWQNmSF:kJxT0iZojbbpuh5xxokDabNI+pnI

Score

10^/10

evasion trojan vmprotect

Malware Config

Targets

- Target
  
  b249a1bd5bbe204d628eb153a9205c85dd1a7702b899f9e12e269c7adb6d0a12
- Size
  
  182KB
- MD5
  
  793f7f566c83cf642cf511a3b9d40f20
- SHA1
  
  a79403fdc51f3968f08e6910e6e77b723b1b6333
- SHA256
  
  b249a1bd5bbe204d628eb153a9205c85dd1a7702b899f9e12e269c7adb6d0a12
- SHA512
  
  bc58dac7b6a607d9b33491d7334b509c4280de27c02792f2663a324a193ea79ef858076dce2565b087fd594e2987da795b752cd0e087a9ab2063a4adb9dbd1f0
- SSDEEP
  
  3072:kgUxT0GrZD0jbbpu4S5xxoysqDv2DI+NPB2+lf4HbEE6KWQNmSF:kJxT0iZojbbpuh5xxokDabNI+pnI
Score

10^/10

evasion trojan vmprotect
- UAC bypass
  evasion trojan
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanvmprotect

behavioral2

evasiontrojanvmprotect