Overview

overview

8

Static

static

7

Cherry_Per...er.exe

windows7-x64

7

Cherry_Per...er.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Cherry_Perm_Loader.exe

  • Size

    5.2MB

  • Sample

    230324-zldvaahc62

  • MD5

    a2a7b11ea0218d976421a3175b746073

  • SHA1

    074036ae04df474d68fd04e8d910a09b3f5b7a6c

  • SHA256

    5278f2641212c12b3604728d983b64c55da8037aa9d29d38bd338890c1b4253c

  • SHA512

    428d34eeedd711b3367da4184de8d051da08fac59ab0936a27597d4fa0c8fe24585a411167838545434a1b663993200b9957c97cba1b3fe02f5fa257db9e90cf

  • SSDEEP

    98304:YQo5KB5D5+CPb5TXWA7vzKXq/WNxNjR1zFr9DvdHIY:YQIQDbPb5Tmbq/0jvDvh

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      Cherry_Perm_Loader.exe

    • Size

      5.2MB

    • MD5

      a2a7b11ea0218d976421a3175b746073

    • SHA1

      074036ae04df474d68fd04e8d910a09b3f5b7a6c

    • SHA256

      5278f2641212c12b3604728d983b64c55da8037aa9d29d38bd338890c1b4253c

    • SHA512

      428d34eeedd711b3367da4184de8d051da08fac59ab0936a27597d4fa0c8fe24585a411167838545434a1b663993200b9957c97cba1b3fe02f5fa257db9e90cf

    • SSDEEP

      98304:YQo5KB5D5+CPb5TXWA7vzKXq/WNxNjR1zFr9DvdHIY:YQIQDbPb5Tmbq/0jvDvh

    Score
    8/10
    vmprotect

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks