General

  • Target

    f_00bc09.zip

  • Size

    15.6MB

  • Sample

    230403-we3chsgc38

  • MD5

    9b497f431db8d16557943057a3e7c467

  • SHA1

    69debc6ec0ec272ea29fd2c10a863372542ef5bd

  • SHA256

    9f96451fd0ca89a26d91b6ffed1369c075c1c170ad3fcae02397c05e0584bdd1

  • SHA512

    8965bd1a0662f94ec3924e252d941cd88717a258d6ca63daa24fd2e890e138044dfe219b49ab8d1f2114406a24d7e47e61577bb656a9644e9e58a873f26e3671

  • SSDEEP

    393216:BVUI76SSp0/Sd127fA6Ra8JTojo9EJYx52v43Dd:cIPSp0/418M8VojREcQ3Dd

Score
7/10

Targets

    • Target

      f_00bc09

    • Size

      15.8MB

    • MD5

      42af7fbdf9d3dc63ece109cb57ef2cc6

    • SHA1

      5ae291e6db1342fbda9cc168a4fa2dbe34e24d15

    • SHA256

      f61a8b70e448508ba658c860e0f9aa1fc0385aa6d918c648569bfc2ca8f59ebc

    • SHA512

      b97e8dfc1091b3111f559453978093cff226b4fa956233cf4750feb89b1e6363d00f2918efbd02981442bc33c8f580c960963c87348522324322d20e81fef8e2

    • SSDEEP

      393216:gET14RZr49SwuLLqOMUlPQCb5P9xAD3IZ094EjvMvGSF:WRMuf9N0ef

    • Score

      7/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
