General
Target: VMProtect Professional v3.8.1 Build 1695 Personal License.exe
Size: 95.3MB
Sample: 231024-l8v57acb7w
MD5: 98da78b9cd37cfdcd3ce975f20c7ba74
SHA1: 611fc7f72a622dba02cddeecb1e9f2ce4ff1cf0c
SHA256: 660a675e4333d0a02ca50c42b935e27ad9facaaf82e0f4e2e31efc241bc6c3e2
SHA512: 28f601e43a5bfc426da05f706483701a6c78b675c96834284a249754b4f353088002e4848a2ad7cd23e4de04ea8c36959da976a5840d64ce7843ea56236fa05f
SSDEEP: 1572864:/iR8tQBRKe+jqPdzZf9fpBhw9lGAMc3o2SZE6jrtmq2j0w4yyWenNraXhd6lkkHJ:/iV+jqppBhw9QL92ofQLwFyyWO0RIlTJ
Static task: static1
Behavioral task: behavioral1
Sample: VMProtect Professional v3.8.1 Build 1695 Personal License.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Target: VMProtect Professional v3.8.1 Build 1695 Personal License.exe
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger