General

  • Target

    fb0fb81218d8bde9c9259315aa668d78ea7490ecde7b94366eb44d97872e7790

  • Size

    130KB

  • Sample

    221205-v3lh8sea2v

  • MD5

    1db94162a3ddef85cf2eb3fdc1092ac6

  • SHA1

    488e4767be2ea1746d7da5cc89d3392b6ab6e788

  • SHA256

    fb0fb81218d8bde9c9259315aa668d78ea7490ecde7b94366eb44d97872e7790

  • SHA512

    846b16ecac1c5b9583c466aeb6908424e4ef25c921a456d852fa375609ebe3f0f1fb8357edd2d6ec39dffcf3d60b470c8f7c9d77b62b860c21d7940b5e2ced99

  • SSDEEP

    3072:LH8MGmq8Fr+kHn2L0bzRMcXAZ7tc30X2vQxGJg7iv:LH8JmRtH2L0ZjXC7XXbJ

Score
8/10

Malware Config

Targets

    • Target

      fb0fb81218d8bde9c9259315aa668d78ea7490ecde7b94366eb44d97872e7790

    Score
    8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS resolvers was detected.

    • Drops file in System32 directory

      A file was written under the Windows System32 directory.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread was called with ThreadInformationClass ThreadHideFromDebugger (0x11), an anti-debugging technique that stops a debugger from receiving events for that thread.
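The four signatures above can be reproduced outside the sandbox. The block below is an added example, not the sandbox's own signature code, and it runs on constructed input rather than on this sample: a minimal PE image built in memory (not executable), a handful of flow records using documentation IP ranges, and a short hand-written API trace. The VMProtect check relies on the well-known `.vmp0`/`.vmp1` section names (the `.vmp2` entry and the exact rule the sandbox uses are assumptions); the configured resolver `10.0.0.2`, all paths and all argument names are constructed for the example.

```python
"""Added example: re-implementation of the report's four signatures
(VMProtect sections, DNS traffic to unexpected resolvers, writes under
System32, NtSetInformationThread/ThreadHideFromDebugger) over constructed
input. Not the sandbox's code; see the lead-in for assumptions."""
import struct

# --- Signature 1: VMProtect packed file (static check on the section table) ---
# .vmp0/.vmp1 are the well-known VMProtect names; .vmp2 is an assumption.
VMPROTECT_SECTIONS = {b".vmp0", b".vmp1", b".vmp2"}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt_hdr = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt_hdr          # COFF header is 20 bytes
    return [data[table + i * 40: table + i * 40 + 8].rstrip(b"\0")
            for i in range(num_sections)]     # each section header is 40 bytes


def is_vmprotect_packed(data: bytes) -> bool:
    return any(name in VMPROTECT_SECTIONS for name in pe_section_names(data))


def build_minimal_pe(section_names) -> bytes:
    """Constructed test input: a PE32-shaped header with the given sections.
    It is not a loadable executable, only enough for the parser above."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = b"\0" * 0xE0                                            # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


# --- Signature 2: Unexpected DNS network traffic destination ------------------
def unexpected_dns_destinations(flows, configured_dns) -> list:
    """flows: (proto, dst_ip, dst_port) tuples. Returns destinations contacted
    on port 53 that are not the configured resolvers."""
    return sorted({dst for _proto, dst, port in flows
                   if port == 53 and dst not in configured_dns})


# --- Signature 3: Drops file in System32 directory ---------------------------
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def system32_drops(api_trace) -> list:
    """Files created or written under System32 (argument names are constructed)."""
    return [c["args"]["FileName"] for c in api_trace
            if c["api"] in ("NtCreateFile", "NtWriteFile")
            and c["args"].get("FileName", "").lower().startswith(SYSTEM32_PREFIX)]


# --- Signature 4: NtSetInformationThread(ThreadHideFromDebugger) --------------
THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS value


def hide_from_debugger_calls(api_trace) -> list:
    return [c for c in api_trace
            if c["api"] == "NtSetInformationThread"
            and c["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER]


# --- Constructed sample input (not data from the real sample) -----------------
SAMPLE_PE = build_minimal_pe([b".text", b".vmp0", b".vmp1"])
CONFIGURED_DNS = {"10.0.0.2"}
SAMPLE_FLOWS = [("udp", "10.0.0.2", 53),      # normal lookup via configured resolver
                ("udp", "192.0.2.10", 53),    # DNS port, unknown server: flagged
                ("tcp", "203.0.113.5", 443)]  # HTTPS, ignored by this signature
SAMPLE_TRACE = [
    {"api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x02}},  # ThreadPriority
    {"api": "NtCreateFile", "args": {"FileName": r"C:\Windows\System32\drv.dll"}},
    {"api": "NtCreateFile", "args": {"FileName": r"C:\Users\Public\tmp.bin"}},
]


def run_signatures(pe=SAMPLE_PE, flows=SAMPLE_FLOWS, trace=SAMPLE_TRACE,
                   configured_dns=CONFIGURED_DNS) -> dict:
    """Evaluate all four signatures and return their findings."""
    return {
        "vmprotect_packed": is_vmprotect_packed(pe),
        "unexpected_dns": unexpected_dns_destinations(flows, configured_dns),
        "system32_drops": system32_drops(trace),
        "hide_from_debugger": len(hide_from_debugger_calls(trace)),
    }


if __name__ == "__main__":
    for name, hit in run_signatures().items():
        print(f"{name}: {hit}")
```

`pe_section_names` reads only the section table, so it works on a truncated header dump as well as a full file; on a real sample, replace `SAMPLE_PE` with the file bytes. The DNS check deliberately keys on the destination port rather than on payload, which is exactly why it also fires on DNS-tunnelling and on malware that carries its own resolver list.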

MITRE ATT&CK Matrix

Tasks