6413b835503a6c77f347a262f0ce18de15ea59608658aa8c2e51a3433ffe1624

Resubmissions

15-01-2023 00:36

230115-aybg9abe6s 8

15-01-2023 00:11

230115-agp93sfe58 8

15-01-2023 00:06

230115-ad4y3abc3t 8

Sharing

Copy URL

Twitter E-mail

General

Target

interium.rar
Size

14.5MB
Sample

230115-aybg9abe6s
MD5

81b60c6e7141465635226d21723a9df8
SHA1

f3767058e15bc105966717a7aee3cc6f011cd8b3
SHA256

6413b835503a6c77f347a262f0ce18de15ea59608658aa8c2e51a3433ffe1624
SHA512

72a8b78e44fc3e28ec689917c5ec912caf6c2e17d3d162c7880cb80f3a82077e60f2db0f9a74183e1e8871852ff0fdc9e2d223c46d2793572710ed3612531402
SSDEEP

196608:M7Xj8bBRci2CjBJ+RonUoQ3h4AnhRyZjZU/mqQxG38rQF+DaMJTnsyMf7d8zb1tb:MTj81l2ClJ+IUoQ37c1U/OYll4QgRh

Score

8^/10

Malware Config

Targets

- Target
  
  interium/crack/v4.exe
- Size
  
  5KB
- MD5
  
  67601d1b4381c7dafe8e7ad94f38a142
- SHA1
  
  16e6e3a8f666429c1a4941e9c0945a22afd6377a
- SHA256
  
  04a007a31de14d111ec54030e3646422d5ee224177dae95795ac2826a55336f7
- SHA512
  
  63b4666f7212f08c8c9ae24cf914d1694dec5a1daacad0e9e742c0dc39662cc97f1c66722dce99656d3a70277485b25374eb5abad06821c55e73b7f3be7172a3
- SSDEEP
  
  48:C7zRekJFF6G3N1zcuzrRr1nnzrQYAPSC1iF9vhAHyhdUXhQB8sXlE6mN0F3ybCV3:Kjd6uzrh1nf2PSCA3vhghQK+l2K3iw
Score

8^/10

bootkit discovery evasion persistence trojan vmprotect
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

VMProtect packed file

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2