General

  • Target

    e96e842390516824d89217fcf66c8131375e2dfaa1f5ec54beed2de428a99eb6

  • Size

    392KB

  • Sample

    221206-vtbbxaba9s

  • MD5

    c8be524dc4c63aec430b43e0f88d8173

  • SHA1

    ab2726cc33f852dcd137e5854b6c0f84637345c2

  • SHA256

    e96e842390516824d89217fcf66c8131375e2dfaa1f5ec54beed2de428a99eb6

  • SHA512

    cd74e66215c5a883d5b51d7da9c55d99934c4578108c2bd56877682025150bf44f003f4e420ec7792df546575cfa0581fddcad634632eaa674edd490b59d65e0

  • SSDEEP

    6144:+svofLNi65WBWs1f1plvfeuGuh6Bjpd6uFv05wATpcI9DMV93Ph:voDu4Aflvm706BjOuFvJAT/DMrP

Targets

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL
