General

  • Target

    6d346056c766ed477967601425a4d162d15d429977910083c8a8bdd0d0c1c005.zip

  • Size

    5.0MB

  • Sample

    230102-x8mdtsbb2s

  • MD5

    45315b7ffd5b153d0e3e471f9ba342d3

  • SHA1

    f4253179bde1c4b978d523b024dadbb33547aa24

  • SHA256

    1576372f6cd7f9c9162a71faf3291cf4cd5e60b33071064ade2135487e51a903

  • SHA512

    46d78f82531d01985b884e5867cf07f7bd3ae26f50ca7791275db26f9d035e83ca2dc34834979cd1dec848ebe821a8aa13989acd8b816d6814dd94e028d74256

  • SSDEEP

    98304:6ljeaUubR/EbE1rql4D7EcTAkik7V74fDQR8hoTokd6ek988WjsyXy2zIF:9a19/jqQLTwk7gDQShoTo2+KIyn8F

Score
8/10

Targets

    • Target

      6d346056c766ed477967601425a4d162d15d429977910083c8a8bdd0d0c1c005

    • Size

      5.3MB

    • MD5

      1d7d93fa84ba7c5a5c8b1d62acbb048d

    • SHA1

      d8048fc1e77eca832eab8b809181c3f07fc34cc5

    • SHA256

      6d346056c766ed477967601425a4d162d15d429977910083c8a8bdd0d0c1c005

    • SHA512

      f751d92782c230be153bd11431601f341cc5156dad1f99eb801e8ca0ad22513dfb8225d9fd7e3984b46749bf50a331d511072fe6c48bbac05da5cdf54128daa4

    • SSDEEP

      98304:AW3PlQ/t+WURgaZKI2MSJCeUGHopP1B7OJyaEooPNkAFf9v:1Gl+mZJnosMFHDh

    Score
    8/10
    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
