8b6b3e9f77a15730c642aeb7b47691e084bbfffef4def9c069b37ec6802ec33a

Sharing

Copy URL

Twitter E-mail

General

Target

VMProtect.Ultimate.v3.6.0.1416-Cracked.zip
Size

40.5MB
Sample

231012-a6gz1agb94
MD5

0446cf94356bc682d8e41ed76d4670fa
SHA1

f2fbae062bdf4ce231ab6d1f03e023df70dca00d
SHA256

8b6b3e9f77a15730c642aeb7b47691e084bbfffef4def9c069b37ec6802ec33a
SHA512

3cf1fa9baa895459c236944720e9905be825552e93de34e0a2a3f96dbac163a92928f6686023aeb9832276849447148025c51997240175dfd34d0bf4512752ff
SSDEEP

786432:5rEoXBUlxEzgOBqU4MdRMREicqa/5+BVBxBRaUZbR8s+yJoWH7vY8B:5EoXBexEXBqU4xEiYRgn5/ZbR8s+yJ55

Score

7^/10

linux macos

Malware Config

Targets

- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/Lib/Linux/libVMProtectSDK32.so
- Size
  
  25KB
- MD5
  
  c1f04f4a922dba8d0eb8bdc1e1f5b0e3
- SHA1
  
  991f54d44253f81048dbcab404359bbdaea772ce
- SHA256
  
  5aec2c03bc5e4658f849491bbd665e9c4c3bc5e4007b8258505c21b704aeb9a1
- SHA512
  
  33d774941c31dbc74d3ad0f16256231bca78692020c372da664e5c5c4c7900cdc9d8f2f0a04ec10b64498291a77f15e2b86b9f42d4556ddd3c07d7d3e77bfc9a
- SSDEEP
  
  384:Sc6LggOxAHXUtyQv5YLNf37oBz3r37FDSNyUg2UAU/LglzWYOG6xuVlXOgMr/7EJ:Sc6LfOx/N5YByUjUPx2IgMr/7EhZXx
Score

1^/10
behavioral1
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/Lib/Linux/libVMProtectSDK64.so
- Size
  
  31KB
- MD5
  
  deb0b135958cf5e479831efd2a74d693
- SHA1
  
  a243420341ce6a65f78bc92adff9834d184a7ed8
- SHA256
  
  f2ea6cf49d93238dba7cafeee24fd9fcf2f4d55c108b9359cd894c4c7f381ea8
- SHA512
  
  43304c2e954fe6e14a36cf93bbaa3b44d2f66c1136e734bf4f0cdfabc8a0cd4ac2e93ce261ad4a021263e9b049b2b79f4577d5610f6108ca610b3f33fbdec46f
- SSDEEP
  
  768:q6he00JUA6NaqvPk8/6LFM+Bqqqqqcwc5h8D+HvKN:Y0FX/6LFMS8ci
Score

1^/10
behavioral2
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/Lib/OSX/libVMProtectSDK.dylib
- Size
  
  49KB
- MD5
  
  824d3086075147a21a6a281652cda4e7
- SHA1
  
  6a6e7e0236ca76f041a772c800f828a71aee6aec
- SHA256
  
  e3d0acae1ba6936bf6de3ae22bd287693dc34a8f44314a3a6d4484d6ee422d5a
- SHA512
  
  a7d9913dca53f37e1e3c518ced5f47b1b82b5d5bfa9b818a18639e75cd9783d6bbc6fc82ea4f2229fd86e64e143395f988cbfb92a97cf301c619b43ea46ba341
- SSDEEP
  
  768:JYsIlAGwZIZl19U1I+8Qi0RWOdQL8r+3INQwVldkFYuMAykBGSZtQ1:+sEw+0+Wh
Score

1^/10
behavioral3
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/Lib/Windows/Net/VMProtect.SDK.dll
- Size
  
  10KB
- MD5
  
  078a070fe260c0cfeac0230c5dc428f8
- SHA1
  
  949118793be8444fd61425893dbd6d7e4aea7bd6
- SHA256
  
  8fcced00c575f8e93c3c61e01643831607869e3e65b46088d37c0f47bf2842d8
- SHA512
  
  ea27eb2fc87aaed27a3f7a41361d89e25793047db43d8bd0b04021a9952f784eebb06b9a9ab3b8b816b813d58d79b8d7137121f88224da39df1c3385e4c47475
- SSDEEP
  
  96:VjKLWlYY8hV5ln3KXkhk6EIIIII/Kg5y0bNVOz7RpSxr9+PXCr3c7GdOHKMHZ3QF:gY8TTvOIIIII/J0z/Sxrh3MHZA
Score

1^/10
behavioral4 behavioral5
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/Lib/Windows/VMProtectDDK32.sys
- Size
  
  3KB
- MD5
  
  5a26bae061acaebd29debdaa63f679b4
- SHA1
  
  d53b3afa50f954c7c6dfae2184061c3f040841fd
- SHA256
  
  3fbe00725014e82256e545168b26d99106d5bff5520822aaed5adf7f001d3cde
- SHA512
  
  d36683293aaee9879260085297808e5956e6d2fa2abd70165ca1de7a5fd16bee484b8a6af10bf307addb54e0e3d01d5ecd7f559181fa8aee040c20f54fc6217e
Score

1^/10
behavioral6 behavioral7
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/Lib/Windows/VMProtectDDK64.sys
- Size
  
  4KB
- MD5
  
  1a18120f459485eab0ea2e59b63a82eb
- SHA1
  
  87da1a2a2b3dfc322a97fab0dfcc5ba30e851955
- SHA256
  
  3b73ea943eeda262e7ded5e22e78ec1500728c5f1e8f9a302a73efd84c0e58d5
- SHA512
  
  3d4a3aa038eaef64b1b26b6f262866a29ff2252b124f4c59c207fec12fad44ef45c8bd785fed4137ff2bd352d40eb74b5229c75bf589821366fca06b391ed083
Score

1^/10
behavioral8 behavioral9
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/Lib/Windows/VMProtectSDK32.dll
- Size
  
  98KB
- MD5
  
  42bc27a67b8d922ff86699723d546f4a
- SHA1
  
  f74a57e5d48ae45bbe72e3d212cfef08f44bddea
- SHA256
  
  ffa66ecc900b58b2f0b99f70edd7af9c7232cea067716842d3b2dc56e396a7f0
- SHA512
  
  66a8cc93ae0db170c9afd9554944bc6af7306e5e628178c2371196c7007aafde733d1548aaa62e6795dfd45f0563930565fcf1bfd2ff6010ae562a0c16ea9898
- SSDEEP
  
  1536:3T33kLmdI52QC2mCYKw2cr2RhXbZ9qu/nDw2a1+YRroJQusWMIcdwX0YXowGF:phQC2mCYK3RhrZ9dPk2Q9yMJwX0YRG
Score

3^/10
behavioral10 behavioral11
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/Lib/Windows/VMProtectSDK64.dll
- Size
  
  116KB
- MD5
  
  234ef21de99216006f03685a5bd5bf14
- SHA1
  
  10d5ce2b7383740a121c59fffbf1bfed5b40d6b7
- SHA256
  
  4010814f40e19b8da59afd989188b9aed76390f2d44cc1a458267cd39f3888fc
- SHA512
  
  b855e16debaacf72ed6ad7fc9fb7f6fe1e1a6ee19047e7cf8f444cf12e8d8fbd219365520eb1d1e800052d2201e7fdde253681eb671b93f422cc0ab99b814dae
- SSDEEP
  
  3072:bmcqYHq7Aiytzg2ScpvgJcG5sqYX6UcHLlBS:a0Hq7AiyegZgJZSXErH
Score

1^/10
behavioral12 behavioral13
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/VMProtect.exe
- Size
  
  23.7MB
- MD5
  
  07df460af29fe65ec9432bce2788e54b
- SHA1
  
  5dfef5ebadf56cf228c9990fd37d96f90a5a5c75
- SHA256
  
  80ec62939ba2c726cfb39ae190302c8d6a944ba1ac7b6212c19fa22f2bc15dc2
- SHA512
  
  72048734f08735a710d553b801ced90d981b0ca5d2eaa2578037c6e64a704e5bdb6cd93763469cc23e263789448f5520af0da26e412a19068ad6401a1006a2df
- SSDEEP
  
  393216:p1NwNgGqHjWGteCrihgH6rV9N1Nz2OiRYP6gQ323yDnQLwAW/2DueOHH+Y:pAn7GteCrYgH2NpiRc6d32CzSm3
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral14 behavioral15
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/VMProtect_Con.exe
- Size
  
  14.8MB
- MD5
  
  49fbd72c3a4af4000e8bafd34a5d9547
- SHA1
  
  6d718dc17e239ff5fe3daaab7ba2a63e2864dac4
- SHA256
  
  f3adcb446e1a7fb713b34ea2f675cdd059473c094e1b777291443769d6b359a5
- SHA512
  
  ae96653ad253ef690f0a927df64735b10403967cf5fde773144898c3aefaa1ef439a45dab2dd1a305cf7e07c398b58462d4248769d13f958a2bec1abd16326e5
- SSDEEP
  
  393216:XmvJRhOzAlkRh4bpYdBNMK/YppqdTosWHxzlxcq5mO:XmvJRsakRhApiMKAX0WHxRCq
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral16 behavioral17
- Target
  
  VMProtect.Ultimate.v3.6.0.1416-Cracked/unins000.exe
- Size
  
  1.1MB
- MD5
  
  a2c8b63b52d96cb5d9a13dcb531962cd
- SHA1
  
  c64b2dbf41c7f743f6206789af063620a9e3c9d8
- SHA256
  
  51ebdf66568eb4b1116a0293b2ebf29fe013ca5b3145c11745aced244f6cba00
- SHA512
  
  f0091bf3f76df3b06cdbc6531007315d2c59508f01138cc50ab107ed070c3fc6448e38152fdddf342a4d822943b0f0095856e82b535d78d7a22de148747703f3
- SSDEEP
  
  24576:cKbqslNoiGO+h84C6f8HSCNFfoJMpNOErZTOzu5xTxytr:zwY6fULNntNXQ
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral18 behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19