General

  • Target

    391afad4f255dd66629814e03eeeaf2ee5412a569eace77bf0db80f4ac4b0699

  • Size

    1.1MB

  • Sample

    231205-h6zh2shg6z

  • MD5

    49a805374e72a88b389af497efea254a

  • SHA1

    ccdfe74a363739e2cc0afd71f6fed09e37495d3e

  • SHA256

    391afad4f255dd66629814e03eeeaf2ee5412a569eace77bf0db80f4ac4b0699

  • SHA512

    3feb688ed4f38e07e6ea9fd502b0bba5fd1ae414b7017171c0fbf3dee4e49064d48abe78dddb5191060e30bf74531cb317794adc47aff56b5306b86975f59800

  • SSDEEP

    24576:z8VztuIHMX9+vRCSaIvmfh+rwYoESSSRhulDE2Cus9pG3u10gyWrCbcw1BdGV1vW:z8VztuIHMX9+vRCSaIvmfh+rwYoESSS6

Malware Config

Targets

    • Target

      391afad4f255dd66629814e03eeeaf2ee5412a569eace77bf0db80f4ac4b0699

    • Size

      1.1MB

    • MD5

      49a805374e72a88b389af497efea254a

    • SHA1

      ccdfe74a363739e2cc0afd71f6fed09e37495d3e

    • SHA256

      391afad4f255dd66629814e03eeeaf2ee5412a569eace77bf0db80f4ac4b0699

    • SHA512

      3feb688ed4f38e07e6ea9fd502b0bba5fd1ae414b7017171c0fbf3dee4e49064d48abe78dddb5191060e30bf74531cb317794adc47aff56b5306b86975f59800

    • SSDEEP

      24576:z8VztuIHMX9+vRCSaIvmfh+rwYoESSSRhulDE2Cus9pG3u10gyWrCbcw1BdGV1vW:z8VztuIHMX9+vRCSaIvmfh+rwYoESSS6

    • Downloads MZ/PE file

      A Windows executable (a file starting with the MZ header) was retrieved over the network during the run.

    • Sets service image path in registry

      Writes the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<service>, which is the binary a Windows service executes; a common persistence technique.

    • Loads dropped DLL

      A DLL written to disk during the run was subsequently loaded into a process.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Drops file in System32 directory

      Writes a file into %SystemRoot%\System32, which requires elevated privileges and lets a dropped binary blend in with system files.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context (including its instruction pointer) is a standard step in process hollowing and thread-hijacking injection.
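
The sandbox's "VMProtect packed file" verdict can be cross-checked offline against the sample's section table. The script below is an added example, not the sandbox's own signature logic and not part of the original report: in pure standard-library Python it walks the MZ header, PE signature and COFF header to the section table, then flags the default VMProtect section names (.vmp0, .vmp1, ...) and the generic packer indicator of an executable section with zero SizeOfRawData but a non-zero VirtualSize (memory that is filled only at runtime). The two PE images it builds are constructed headers-only test inputs, not the reported sample. Caveat: VMProtect lets the operator rename sections, so the absence of .vmp names does not rule the packer out; a real triage would also look at section entropy and imports.

```python
"""Check a PE file's section table for VMProtect-style packing indicators.

Added example for this report, not the sandbox's own signature logic.
Pure standard library so it can be run offline against the sample
(if you have the file) or against the constructed images below.
"""
import struct
import sys
from dataclasses import dataclass

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    characteristics: int


def parse_sections(data: bytes) -> list[Section]:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER is 40 bytes: Name, VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, PointerToRelocations,
        # PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
        f = struct.unpack_from("<8sIIIIIIHHI", data, table + i * 40)
        name = f[0].rstrip(b"\x00").decode("latin-1")
        sections.append(Section(name, f[1], f[3], f[9]))
    return sections


def vmprotect_indicators(sections: list[Section]) -> list[str]:
    """Return human-readable indicator strings; an empty list means nothing flagged."""
    hits = []
    for s in sections:
        if s.name.lower().startswith(".vmp"):
            hits.append(f"{s.name}: VMProtect default section name")
        if (s.characteristics & IMAGE_SCN_MEM_EXECUTE and s.raw_size == 0
                and s.virtual_size > 0):
            # Generic packer indicator: executable memory with no bytes on disk,
            # i.e. code is written there at runtime. Not specific to VMProtect.
            hits.append(f"{s.name}: executable section with zero raw size "
                        f"(0x{s.virtual_size:x} bytes mapped at runtime)")
    return hits


def scan_pe(data: bytes) -> list[str]:
    return vmprotect_indicators(parse_sections(data))


def build_sample_pe(sections: list[tuple[bytes, int, int, int]]) -> bytes:
    """Constructed minimal PE32 image (headers only) for offline testing."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew
    opt_size = 224  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(opt_size - 2)  # PE32 magic, rest zeroed
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rsize,
                    0x400 * (i + 1), 0, 0, 0, 0, chars)
        for i, (name, vsize, rsize, chars) in enumerate(sections)
    )
    return bytes(dos) + b"PE\x00\x00" + coff + optional + table


# Constructed images: one mimicking VMProtect's default layout, one ordinary.
VMP_LIKE_PE = build_sample_pe([
    (b".text", 0x2000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".vmp0", 0x100000, 0, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".vmp1", 0x80000, 0x80000, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
])
PLAIN_PE = build_sample_pe([
    (b".text", 0x2000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x1000, 0x800, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    # Usage: python check_vmp.py <path-to-sample>; with no argument, scans the constructed image.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else VMP_LIKE_PE
    for line in scan_pe(blob) or ["no VMProtect indicators in section table"]:
        print(line)
```

Run it with the sample path as the only argument; a clean section table prints the single "no indicators" line, while a default VMProtect layout yields one hit per .vmp section plus the zero-raw-size hit for the runtime-populated section.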

MITRE ATT&CK Enterprise v15

Tasks