Overview

overview

8

Static

static

7

SpooferBW.exe

windows10-1703-x64

8

SpooferBW.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    SpooferBW.exe

  • Size

    5.6MB

  • Sample

    230707-q8f4gshf67

  • MD5

    767e7109bcda5fa36672af0014621afd

  • SHA1

    adb0243eb24124bc175c7ca1b8db3184a1b48531

  • SHA256

    6212589f93cf934cf4dc55337831da766b5b668b6808a9a930a214545a4d7956

  • SHA512

    01875b8e739ff15494647b2ee1c55d3953709d62fb84e763ad0dbc54dee3ec991917f3aa2a26f741bc55837d4d191a4673ed68762bf61903c7472461f78d6216

  • SSDEEP

    98304:pohiNLZOEucihE2yUgWOUTbsEj5CGrgHWeZj429kxUWAh:IiN8xJVHOUTzj5CGk2eGikGr

Score
8/10
evasionvmprotect

Malware Config

Targets

    • Target

      SpooferBW.exe

    • Size

      5.6MB

    • MD5

      767e7109bcda5fa36672af0014621afd

    • SHA1

      adb0243eb24124bc175c7ca1b8db3184a1b48531

    • SHA256

      6212589f93cf934cf4dc55337831da766b5b668b6808a9a930a214545a4d7956

    • SHA512

      01875b8e739ff15494647b2ee1c55d3953709d62fb84e763ad0dbc54dee3ec991917f3aa2a26f741bc55837d4d191a4673ed68762bf61903c7472461f78d6216

    • SSDEEP

      98304:pohiNLZOEucihE2yUgWOUTbsEj5CGrgHWeZj429kxUWAh:IiN8xJVHOUTzj5CGk2eGikGr

    Score
    8/10
    evasionvmprotect

    • Stops running service(s)

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks