Overview

overview

8

Static

static

7

HyperFree..exe

windows7-x64

8

HyperFree..exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HyperFree..exe

  • Size

    5.8MB

  • Sample

    230331-q1bh2aba9w

  • MD5

    5260c1a254c8af84557b82e195363a98

  • SHA1

    80af1991a492833e039891117fd594d74366545e

  • SHA256

    8eb72c8341be372e533736b84d8a7196cde5e28130eadb774c40871fcf0cf7b3

  • SHA512

    623692226d361a2795f4e5c4c330ec8435170832aa11c2e5336915b36e9340e0a18b27e0c932213e4d22ea05349a962ceb6d75216608680b41c997a75568f02b

  • SSDEEP

    98304:aEO3yMulKYLin3eE7CKG5Ea+k0XhXtFV0lb81vcBnLDCg6yrXA8CcbQh1lAL/dbs:aErts9+xEa+k0elb8hcB/C7yjA8J1O

Score
8/10
evasionvmprotect

Malware Config

Targets

    • Target

      HyperFree..exe

    • Size

      5.8MB

    • MD5

      5260c1a254c8af84557b82e195363a98

    • SHA1

      80af1991a492833e039891117fd594d74366545e

    • SHA256

      8eb72c8341be372e533736b84d8a7196cde5e28130eadb774c40871fcf0cf7b3

    • SHA512

      623692226d361a2795f4e5c4c330ec8435170832aa11c2e5336915b36e9340e0a18b27e0c932213e4d22ea05349a962ceb6d75216608680b41c997a75568f02b

    • SSDEEP

      98304:aEO3yMulKYLin3eE7CKG5Ea+k0XhXtFV0lb81vcBnLDCg6yrXA8CcbQh1lAL/dbs:aErts9+xEa+k0elb8hcB/C7yjA8J1O

    Score
    8/10
    evasionvmprotect

    • Stops running service(s)

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks