General

  • Target

    004d587317131f352015c7f73a583c01

  • Size

    163KB

  • Sample

    231224-rl745adabm

  • MD5

    004d587317131f352015c7f73a583c01

  • SHA1

    a3ddf9d00a7580aea37252fe5053ebc4d2d19045

  • SHA256

    6b644e045c4d1d91e4887503847898b7548527152af9440249c9a15b1107fed1

  • SHA512

    484ea116d160b4a941a89ec3ab2ec450e9408c6686db3af5fbde54b0fd5a2e4f49dfe240594922fbbcb75bb25a318169eb673d977f7ca75f4671de0a01c14397

  • SSDEEP

    3072:SuPl19U+pzDsZbbGs4SVhfGsysaro7YRl4hWUGjLpbenenbj:SA19UMzQZbbGshVhfGscLRlqWrfte8
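Before doing anything with a file that is supposed to be this sample, confirm it really is the artifact the report describes. The following script is an added example, not part of the original report or of the sandbox's own tooling: it recomputes the MD5, SHA1, SHA256 and SHA512 digests with Python's standard `hashlib` and compares them, case-insensitively, against the values listed above. The function names, the size-rounding rule in `size_matches` and the constructed stand-in bytes used when no path is given are assumptions of this example; SSDEEP is not covered because it needs a third-party module.

```python
"""Verify a suspected sample against the hashes listed in a sandbox report.

Added example, not the report's own code. REPORT_HASHES is copied from the
report above; the helper names and the stand-in bytes are assumptions.
"""
import hashlib
import sys
from typing import Dict, Iterable

# Hash values exactly as printed in the report above.
REPORT_HASHES = {
    "md5": "004d587317131f352015c7f73a583c01",
    "sha1": "a3ddf9d00a7580aea37252fe5053ebc4d2d19045",
    "sha256": "6b644e045c4d1d91e4887503847898b7548527152af9440249c9a15b1107fed1",
    "sha512": "484ea116d160b4a941a89ec3ab2ec450e9408c6686db3af5fbde54b0fd5a2e4f"
              "49dfe240594922fbbcb75bb25a318169eb673d977f7ca75f4671de0a01c14397",
}
# The report gives the size only to the nearest KB.
REPORT_SIZE_KB = 163


def hashes_of(data: bytes, algos: Iterable[str] = tuple(REPORT_HASHES)) -> Dict[str, str]:
    """Return lowercase hex digests of `data` for each named hashlib algorithm."""
    digests = {}
    for algo in algos:
        h = hashlib.new(algo)
        h.update(data)
        digests[algo] = h.hexdigest()
    return digests


def compare_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Map each algorithm in `expected` to whether `data` produces that digest.

    Hex case is normalised because reports and threat feeds disagree on it;
    a single mismatching algorithm means this is not the reported file.
    """
    actual = hashes_of(data, expected.keys())
    return {algo: actual[algo] == value.lower() for algo, value in expected.items()}


def size_matches(data: bytes, expected_kb: int) -> bool:
    """Cheap pre-check: does the length round to the reported KB figure?

    Assumption of this example: the report rounds len/1024 to the nearest KB.
    Treat this as a sanity check only; the hashes are the real identity test.
    """
    return round(len(data) / 1024) == expected_kb


def verify_file(path: str) -> bool:
    """Read `path`, print a per-algorithm verdict, return True only if all match."""
    with open(path, "rb") as fh:
        data = fh.read()
    if not size_matches(data, REPORT_SIZE_KB):
        print(f"size     {len(data)} bytes does not round to {REPORT_SIZE_KB}KB")
    results = compare_hashes(data, REPORT_HASHES)
    for algo, ok in results.items():
        print(f"{algo:8s} {'match' if ok else 'MISMATCH'}")
    return all(results.values())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(0 if verify_file(sys.argv[1]) else 1)
    # No path supplied: run against constructed stand-in bytes (not the sample),
    # which is expected to report a mismatch on every algorithm.
    stand_in = b"constructed stand-in bytes, not the reported sample"
    print(compare_hashes(stand_in, REPORT_HASHES))
```

Run it as `python verify_sample.py <file>`; a non-zero exit means at least one digest differs, in which case the file is a different artifact (repacked, truncated, or a different build) and the behaviour listed below should not be assumed to apply to it.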

Malware Config

Targets

    • Target

      004d587317131f352015c7f73a583c01

    • UAC bypass

      Behaviour matching a known User Account Control (UAC) bypass technique, i.e. an attempt to gain elevated privileges without the consent prompt.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer. Static analysis of the on-disk file will show little; unpack or analyse it dynamically.

    • Drops file in System32 directory

      The sample writes a file into the Windows System32 directory, which requires elevated privileges and is consistent with the UAC bypass above.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique that hides the calling thread from an attached debugger; hook or patch this call before debugging the sample.

MITRE ATT&CK Enterprise v15

Tasks