General

  • Target

    cOOla_unban.exe

  • Size

    5.6MB

  • Sample

    231221-xhhyqabegr

  • MD5

    6857f16046fd533188f28606ae7586ab

  • SHA1

    230bb3ad33960731a4ec637469197fe07d8c3234

  • SHA256

    b3cbb74a4236bd44bb4bdc9d3ce5515a52abb470804de9949818d5d4989cacc5

  • SHA512

    a5d8142c80d10cc9d5b4607ae6f6dffb5f96383e07194a226a575cf4c11b81730a57ea4c8423753c4cf7dc02cb2598fc2aafc0c4b0b695bd4c947921809ca3a6

  • SSDEEP

    98304:JYsLCpbM7aFsTiyrkrGKsSdYNTQqv5uCtL2FdIjt4+gpitlCqg67g7xLxRWY:esL8bMRjrPKsSez5uIjVgpIlCq7g7XR5

Score
8/10

Malware Config

Targets

    • Stops running service(s)

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks