General

  • Target

    e38083eb6c20abc7fa7f4d4aca9fd49b

  • Size

    12.3MB

  • Sample

    231222-tdyltseec2

  • MD5

    e38083eb6c20abc7fa7f4d4aca9fd49b

  • SHA1

    0cc8932fa79b21c11531e0625a6f127571490b0f

  • SHA256

    db106baa4a7e6524df5dce306c8d5fffa68bca5049de001a647f37e49c7fb9e5

  • SHA512

    12bf8402e23bfff0d2a20eeacbdbc79efeffc0b3890f9a758496e22067a0985d7b28a25d11a616ecc7a6972331e5209e4e1c1116bad6aec28d51e529a2269821

  • SSDEEP

    393216:zc7aeJpzYc2R2Ygikfi2jaD2RwzE36vI2hs:zc7aYKR0ika2xwRvIws

Malware Config

Targets

    • Target

      e38083eb6c20abc7fa7f4d4aca9fd49b

    • Size

      12.3MB

    • MD5

      e38083eb6c20abc7fa7f4d4aca9fd49b

    • SHA1

      0cc8932fa79b21c11531e0625a6f127571490b0f

    • SHA256

      db106baa4a7e6524df5dce306c8d5fffa68bca5049de001a647f37e49c7fb9e5

    • SHA512

      12bf8402e23bfff0d2a20eeacbdbc79efeffc0b3890f9a758496e22067a0985d7b28a25d11a616ecc7a6972331e5209e4e1c1116bad6aec28d51e529a2269821

    • SSDEEP

      393216:zc7aeJpzYc2R2Ygikfi2jaD2RwzE36vI2hs:zc7aYKR0ika2xwRvIws

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks