Overview

overview

8

Static

static

7

BW-Spoofer.exe

windows10-2004-x64

8

Resubmissions

27-05-2023 17:37

230527-v7b6csce89 8

27-05-2023 17:36

230527-v6xexada2w 8

27-05-2023 17:33

230527-v42xlsch91 8

27-05-2023 17:32

230527-v38zjace83 8

27-05-2023 17:31

230527-v3vrxace82 8

27-05-2023 17:20

230527-vwt7ssce69 8

27-05-2023 17:11

230527-vqly8sce53 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BW-Spoofer.exe

  • Size

    5.6MB

  • Sample

    230527-v6xexada2w

  • MD5

    67451b7db8bdcd28e6bd16a928794c6c

  • SHA1

    c4e5685ecbe6793267f49ab72a0189fb5f35744a

  • SHA256

    3706ed1a2a7e708ee1f495eafe95c03ef9d589850546ffe792a750d7498a45b6

  • SHA512

    16d8134b87a6b26055f0628da186d842e46a19df83387b3b7272187cefdb1efe86286dd027da181a42dbd9edfbb5a77fcdce561af61be071c337810b117c392a

  • SSDEEP

    98304:qeVN/VSp6wcY7hXQBkAZu+nBx21QNAz2rY6WQU9hUD69748C:q6m6GukCb21F2Vp6dtC

Score
8/10
evasionpersistencevmprotect

Malware Config

Targets

    • Target

      BW-Spoofer.exe

    • Size

      5.6MB

    • MD5

      67451b7db8bdcd28e6bd16a928794c6c

    • SHA1

      c4e5685ecbe6793267f49ab72a0189fb5f35744a

    • SHA256

      3706ed1a2a7e708ee1f495eafe95c03ef9d589850546ffe792a750d7498a45b6

    • SHA512

      16d8134b87a6b26055f0628da186d842e46a19df83387b3b7272187cefdb1efe86286dd027da181a42dbd9edfbb5a77fcdce561af61be071c337810b117c392a

    • SSDEEP

      98304:qeVN/VSp6wcY7hXQBkAZu+nBx21QNAz2rY6WQU9hUD69748C:q6m6GukCb21F2Vp6dtC

    Score
    8/10
    evasionpersistencevmprotect

    • Downloads MZ/PE file

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks