General

  • Target

    430ff4e7084bdfa50e7dc9494a7dc979e2afea9fcc0e34dc52a00208e4bc7c22

  • Size

    190KB

  • Sample

    230420-ceernseh44

  • MD5

    9493c7bff4ebf012e70e12a9e957a8fe

  • SHA1

    f6e8410b519777d0d2487a6aa835be2178f2eb2f

  • SHA256

    430ff4e7084bdfa50e7dc9494a7dc979e2afea9fcc0e34dc52a00208e4bc7c22

  • SHA512

    a4d2afaed17c6eeb2ed57620fd4ef59d3e99f72f61a32cee9b802c1a575ee449fc5af112e12cee64569d06514887594fd7a8a1aff99cf714e529d96ec5d36830

  • SSDEEP

    3072:L5ca3CM+8toygy3tKYR4Tdn8nB+oopZh:NxyMnGtatKxdQop3

Score
8/10

Targets

    • Target

      430ff4e7084bdfa50e7dc9494a7dc979e2afea9fcc0e34dc52a00208e4bc7c22

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.
