General

  • Target

    0016d32eaf72432adab7b9f9c5c264df

  • Size

    428KB

  • Sample

    231224-rj8b4sege5

  • MD5

    0016d32eaf72432adab7b9f9c5c264df

  • SHA1

    0ddf731c04356914168ba8dd0c99c0f93e51e3b3

  • SHA256

    ddc8c68c8bc20e9e164bc299cc31edb3602b69d0782951590cd03bd7ba6aebe5

  • SHA512

    b25f7144c243d058871f05d6b0a3c3d631619fab4e4bfe4aea734799b1cf099af29c4c9d670c120bdf3118396b04f778be3540d2b6eb4412b86b0f8f41734455

  • SSDEEP

    12288:4oAmaR7ZNk0abLT+Erfu43UlGaLk4dkm:4oABteLPrm43U0aLJN

Malware Config

Targets

    • Target

      0016d32eaf72432adab7b9f9c5c264df

    • Size

      428KB

    • MD5

      0016d32eaf72432adab7b9f9c5c264df

    • SHA1

      0ddf731c04356914168ba8dd0c99c0f93e51e3b3

    • SHA256

      ddc8c68c8bc20e9e164bc299cc31edb3602b69d0782951590cd03bd7ba6aebe5

    • SHA512

      b25f7144c243d058871f05d6b0a3c3d631619fab4e4bfe4aea734799b1cf099af29c4c9d670c120bdf3118396b04f778be3540d2b6eb4412b86b0f8f41734455

    • SSDEEP

      12288:4oAmaR7ZNk0abLT+Erfu43UlGaLk4dkm:4oABteLPrm43U0aLJN

    • Drops file in Drivers directory

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks