General

  • Target

    0bf4f071ee9c5f40a3327980ca31509fa64f967f6d26a2794239fc8f72d501db

  • Size

    545KB

  • Sample

    231015-j4n5zafc58

  • MD5

    c3e1c7a69b3d95030c46e3e5bd1a24ee

  • SHA1

    bc9eb2027cc661e0866e7658682cdc9baeec3afb

  • SHA256

    0bf4f071ee9c5f40a3327980ca31509fa64f967f6d26a2794239fc8f72d501db

  • SHA512

    ae8bcabe8a84579228367197cef952c92a1ef2e8619f2b554c70e469683bc0ef15215297da31ae504f8056652afeb31c93f6e4d670843cfd81d6bec79763c686

  • SSDEEP

    6144:mhjxrU2+7kO+4LT9FD/QzVkJpFYcEOkCybEaQRXr9HNdvOapC6:mvr+M4H9FruVkwOkx2LIac6

Score
8/10

Malware Config

Targets

    • Target

      0bf4f071ee9c5f40a3327980ca31509fa64f967f6d26a2794239fc8f72d501db

    Score
    8/10
    • Drops file in Drivers directory

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory
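    The report flags both a UPX signature and a VMProtect signature on the same file. The page does not say what either signature keys on, so before trusting that combination it is worth looking at the section table yourself and confirming that the file in hand is the one the sandbox analysed. The script below is an added example written for this page, not the sandbox's own detection logic: it verifies the reported MD5/SHA1/SHA256 against a byte string, parses the DOS and PE headers by hand (no pefile dependency), and checks section names against the markers UPX and VMProtect usually leave (assumed from common practice; a modified packer can rename them, so a clean table does not rule packing out). The build_test_pe helper constructs a headers-only PE image so the script runs offline; it is not the sample from this page.

```python
import hashlib
import struct

# Digests reported for the sample on this page; used to confirm that the bytes
# being inspected are the same object the sandbox analysed.
REPORTED = {
    "md5": "c3e1c7a69b3d95030c46e3e5bd1a24ee",
    "sha1": "bc9eb2027cc661e0866e7658682cdc9baeec3afb",
    "sha256": "0bf4f071ee9c5f40a3327980ca31509fa64f967f6d26a2794239fc8f72d501db",
}

# Assumption: section names the two packers commonly leave behind. The page does
# not publish the sandbox's actual signature logic.
UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
VMP_NAMES = {b".vmp0", b".vmp1", b".vmp2"}


def hash_match(data, reported=REPORTED):
    """Return {algorithm: bool} stating whether each reported digest matches."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in reported.items()}


def pe_section_names(data):
    """Walk MZ header -> e_lfanew -> PE signature -> COFF header -> section table
    and return the raw section names (NUL padding stripped)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]        # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                   # COFF header is 20 bytes
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]             # IMAGE_SECTION_HEADER is 40 bytes
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0"))
    return names


def packer_indicators(data):
    """Section-name check for the two packers named in the report."""
    names = pe_section_names(data)
    return {
        "sections": [n.decode("latin-1") for n in names],
        "upx": any(n in UPX_NAMES for n in names),
        "vmprotect": any(n in VMP_NAMES for n in names),
    }


def build_test_pe(section_names):
    """Constructed, headers-only PE32 image for offline testing (not runnable
    as a program, and not the sample described on this page)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    optional = bytes(224)  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       len(optional), 0x0102)
    table = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + table


if __name__ == "__main__":
    image = build_test_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(hash_match(image))          # all False: constructed image, not the real sample
    print(packer_indicators(image))   # upx True, vmprotect False
```

On a real file, read it with open(path, "rb") and pass the bytes to hash_match first; if the SHA256 does not equal the reported value, nothing else on this page applies to what you are holding. Seeing UPX section names but no .vmp sections (or the reverse) tells you which of the two signatures was a section-name hit and which needs a closer look at the entry point and imports.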

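    The "Unexpected DNS network traffic destination" signature is simple to reproduce on your own capture, and doing so is how you find out which host the sample talked to and whether it was a hard-coded resolver or something dressed up as DNS. The following detection logic is an added example for this page and is not the sandbox's code. It runs over constructed flow records in a simplified "src dst proto dport" form (the page does not show the sandbox's capture format, and the addresses are invented), treats the configured resolver list as the baseline, and optionally exempts well-known public resolvers so that ordinary software using them does not drown out the finding.

```python
import ipaddress
from collections import Counter

# Constructed flow records for the example; not traffic from this sample.
SAMPLE_FLOWS = """\
# src          dst             proto  dport
10.1.2.15      10.1.2.1        udp    53
10.1.2.15      10.1.2.1        udp    53
10.1.2.15      198.51.100.7    udp    53
10.1.2.15      198.51.100.7    tcp    53
10.1.2.15      93.184.216.34   tcp    443
10.1.2.15      8.8.8.8         udp    53
"""


def parse_flows(text):
    """Yield one dict per non-comment line of the simplified flow format."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport = line.split()
        yield {
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(),
            "dport": int(dport),
        }


def unexpected_dns(flows, configured_resolvers, allowed_public=()):
    """Count port-53 flows whose destination is neither a configured resolver
    nor an explicitly allow-listed public resolver.

    Returns {(dst, proto): count} so TCP/53 and UDP/53 to the same host stay
    distinguishable; TCP to an unknown host is the more interesting of the two."""
    configured = {ipaddress.ip_address(r) for r in configured_resolvers}
    allowed = {ipaddress.ip_address(r) for r in allowed_public}
    hits = Counter()
    for f in flows:
        if f["dport"] != 53:
            continue
        if f["dst"] in configured or f["dst"] in allowed:
            continue
        hits[(str(f["dst"]), f["proto"])] += 1
    return dict(hits)


def summarize(hits):
    """Sort findings by count, then destination, for a report line."""
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    # Assumption: 10.1.2.1 is the resolver the analysis VM was configured with.
    findings = unexpected_dns(parse_flows(SAMPLE_FLOWS), ["10.1.2.1"],
                              allowed_public=["8.8.8.8"])
    for (dst, proto), n in summarize(findings):
        print(f"{dst:<16} {proto}/53  flows={n}")
```

When the only hits are well-known public resolvers, the signature is usually benign noise from the sample or the OS choosing its own resolver; a single non-resolver host receiving both UDP/53 and TCP/53 is the case to pull the payloads for, since port 53 is a common place to hide C2 or tunneled traffic, and this page does not record which of the two it was.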
MITRE ATT&CK Enterprise v15

Tasks