Overview

overview

8

Static

static

7

Power_Tool64.exe

windows7-x64

8

Power_Tool64.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Power_Tool64.exe

  • Size

    6.3MB

  • Sample

    230609-v94y6acg92

  • MD5

    30fa72291682cb10a25ddacfc1982905

  • SHA1

    0e7f9ace355dbc6e192aa40d5c83085a23aab273

  • SHA256

    346662c767688feac8fdf191523aa706303fd5dcbee4ef51ad153b9b9dbc7f37

  • SHA512

    975bc12e27dc4c0e3e7012d0a609f04b90341c6c459c8f6f209f187b940071b18667223ce396b09d100db2473c66f78fab26a0075a571bc090aa746d9411decc

  • SSDEEP

    98304:aLXDJ4KAHYJMuPNk61rs8v4ElgbM//YvxZ5HwF8w+ffwle7d1XVI94NGeB:YXD6KksRPeUpNQlI86eh5K90

Score
8/10
discoverypersistencevmprotect

Malware Config

Targets

    • Target

      Power_Tool64.exe

    • Size

      6.3MB

    • MD5

      30fa72291682cb10a25ddacfc1982905

    • SHA1

      0e7f9ace355dbc6e192aa40d5c83085a23aab273

    • SHA256

      346662c767688feac8fdf191523aa706303fd5dcbee4ef51ad153b9b9dbc7f37

    • SHA512

      975bc12e27dc4c0e3e7012d0a609f04b90341c6c459c8f6f209f187b940071b18667223ce396b09d100db2473c66f78fab26a0075a571bc090aa746d9411decc

    • SSDEEP

      98304:aLXDJ4KAHYJMuPNk61rs8v4ElgbM//YvxZ5HwF8w+ffwle7d1XVI94NGeB:YXD6KksRPeUpNQlI86eh5K90

    Score
    8/10
    discoverypersistencevmprotect

    • Sets service image path in registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks