General

  • Target

    f224d71a7b3239494f4e98f2844adc44

  • Size

    12.4MB

  • Sample

    231222-t1wezsahb6

  • MD5

    f224d71a7b3239494f4e98f2844adc44

  • SHA1

    f1a4c958687240af154338af9d7ea7cac6ccc9b1

  • SHA256

    eba223ceb11e972aa365a261dd5e68b015b8e2beb26f327e34f563d78909ddcf

  • SHA512

    e5c8b727cc5398332b79c765fa0f0d121070a554b0b0aa0c04680d080bbca27b415d14083b5c21a0add3152626de3f41a10c12c9a7c7aebc35121efc8bb6bf29

  • SSDEEP

    393216:NJYnOR5tRWqVxsUceCygRU2mXAToUB1D5AK:Ngm5t4kxCeCRR2wToUBF5AK

Malware Config

Targets

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
