General

  • Target: RazboSTEAMgen (1).exe
  • Size: 162.1MB
  • Sample: 230823-yclcbsge8t
  • MD5: 33f104b1db2216d12fb8403829cbf8a1
  • SHA1: c32390eba71747e745c846bf1706758a213e2680
  • SHA256: fa9b62f96e974ba9f0643fce732e594c396d95b916e716f5fbc2d8aa7f4635ad
  • SHA512: 4a9c1f6b80a70b0fd34da00b587a35cfb7c557b9cb88681fc613462335ed0b4a88450ee58c55c3dcff9c9fb3808030d341673ef42804c295d353b05708f89780
  • SSDEEP: 3145728:s4IZe7eERxtFNRz4NvvVX9oD0zwb68EQKedl2jR3sa1nvu0dFTk6lnxVZGyx:KZcLnLNJOHVp3PQVKjF71vfdZPDx

Score
7/10

Malware Config

Targets

    • Executes dropped EXE
    • Loads dropped DLL
    • VMProtect packed file: detects executables packed with the VMProtect commercial packer.
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks