803246a15fd62e227e8e25a1b078e0c35833e942cab4db265e78fd7a52367af8 | Triage

Sharing

General

Target

Updates.rar
Size

8.9MB
Sample

230107-kxtybadb72
MD5

3e2d598646aecb045e1af87d8ab42e66
SHA1

b09c564f2407892c21031513f49459ffb7246e47
SHA256

803246a15fd62e227e8e25a1b078e0c35833e942cab4db265e78fd7a52367af8
SHA512

3f4006d602977724743b7e62c10709e7d5cfcc6e71e3fc4ff6f794b57a9bce844232d37032e6ae7199c140b06d9b6215d65b50860c9638cfab1668752089a94a
SSDEEP

196608:NwF/WH3obvbltDvp98ga3cPSPn2DDDkQwblpkSfil32FgFRp3QJu:M44bDlxvpaga3r2TklpkVtTgu

Score

10^/10

evasion persistence trojan vmprotect

Malware Config

Targets

- Target
  
  Resource.bin
- Size
  
  5.3MB
- MD5
  
  6a550314f437a3300472e002db233e71
- SHA1
  
  d647a8d2c5a6f5d37e232cc23988c59bd91fcae1
- SHA256
  
  0c84d842ddeffe9808ae2a861400307c899a4994a21e01aedd3baf27930b92ea
- SHA512
  
  47026ece08467a49679893179527930960f6d24cee5a7adfffb2254df5758b4c45b7a114b41faae2eed40492285584fc2fc747497885076dfc1f884ac5a685e7
- SSDEEP
  
  98304:9OsQJ4iwP6i1T67GroVbEDschBd0zSlsUrfcRmGpFC:0xJ4dSS67GEsRkzSuUTgtFC
Score

3^/10
behavioral1
- Target
  
  Run.vbs
- Size
  
  1015B
- MD5
  
  2945c117350c3403f73f6e6a32a30a77
- SHA1
  
  cbd5c7d85d7d2204000e79ba8b144e40ffcaf6b7
- SHA256
  
  5fd291193f2735fb5f3dcece48f542f897d56532b153b174455db19d183ea6a4
- SHA512
  
  3faec7d84284b3ec7b9e832b239bf51cb6a4300aa3d5763bd0dff0f929a3fa1964ecfd70e8c72955443bf24e62875d1ca241d8a7868e5e0e399fc7d81538e621
Score

3^/10
behavioral2
- Target
  
  WindowsService.exe
- Size
  
  5.3MB
- MD5
  
  1d7d93fa84ba7c5a5c8b1d62acbb048d
- SHA1
  
  d8048fc1e77eca832eab8b809181c3f07fc34cc5
- SHA256
  
  6d346056c766ed477967601425a4d162d15d429977910083c8a8bdd0d0c1c005
- SHA512
  
  f751d92782c230be153bd11431601f341cc5156dad1f99eb801e8ca0ad22513dfb8225d9fd7e3984b46749bf50a331d511072fe6c48bbac05da5cdf54128daa4
- SSDEEP
  
  98304:AW3PlQ/t+WURgaZKI2MSJCeUGHopP1B7OJyaEooPNkAFf9v:1Gl+mZJnosMFHDh
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3
- Target
  
  import.reg
- Size
  
  4KB
- MD5
  
  cd403a43119b0ad8aca8ad920f7758f8
- SHA1
  
  7cbaaaff573326c20ee531e64ad66001b61fef78
- SHA256
  
  0c53460dc124db6c337e75ac0cbbcaffd1d59df593a8e23d44d3bf69f92f3064
- SHA512
  
  eccac6834009c6e91a72857e15688ed32944a9c34d21fb666bc2cde365b2347abc62b44c11d08ee230de9970d8687cf71fb9756bb02cdc903fd1b75e50c29020
- SSDEEP
  
  96:PrcwgHarrZtxg+BfiCjWZQl/vKj0hMXmNZ0/ZIZmZ5aYhwHShnwHV:P/NjrlVOU
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Adds Run key to start application
  persistence
behavioral4
- Target
  
  md5.txt
- Size
  
  33B
- MD5
  
  e6dafa554d028b29ede71640522a9f36
- SHA1
  
  da48fb1ccd092ae8127c8ebb39170a1ba632498d
- SHA256
  
  6b094ceff79677700d45d9b8288fa2a317df6b36ca6ada7dfb1ddff195817b88
- SHA512
  
  b223144d3ba232f3eb905c234e813c8e034d34478829f2a8690ee6e99edd9f4598383d6e78c66fad924eb2a2e19f3ffd823c1961c326acb9452df6f056e44e81
Score

1^/10
behavioral5
- Target
  
  updatebackend.log
- Size
  
  4B
- MD5
  
  5a01f0597ac4bdf35c24846734ee9a76
- SHA1
  
  a385d9e8d3b9d07483e610819de992510883b36b
- SHA256
  
  b33ed571eded536f0f0bc2be4e4384055acd592fe6652a555320fdca4dbeb175
- SHA512
  
  42caf8b73b98f8cb1d9bfbf477b468414bc0fe9160d4e5151076ffe284b78d10227cac7b4f435a29f79768358a74406960e62a90222a0258b4a4662f2efa4008
Score

1^/10
behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

evasionpersistencetrojan

behavioral5

behavioral6