Overview

overview

10

Static

static

7

6c9a4829e4...0d.exe

windows7-x64

10

6c9a4829e4...0d.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    6c9a4829e467a8303a6156d3e9e2680d

  • Size

    197KB

  • Sample

    231226-n41wzsgbak

  • MD5

    6c9a4829e467a8303a6156d3e9e2680d

  • SHA1

    2270828db581bbd7513cafb0bc0374ea66998a13

  • SHA256

    13e67849abf157561e8bf9017ce856310fe757e1508221ace9645ce85374e95e

  • SHA512

    4794f720eb7585bb3064ba4159c3b6063b40251e11e9471d3be425f4cd491fca60b147328cd2ecfe63d3a6650be769852e0adebedd893aecc94a8b00e39b6a78

  • SSDEEP

    3072:SEPl19U+pzDsZbbGs4SVhfGsysaro7YRl4hWUGjLpbenenbj:Sm19UMzQZbbGshVhfGscLRlqWrfte8

Score
10/10
evasiontrojanvmprotect

Malware Config

Targets

    • Target

      6c9a4829e467a8303a6156d3e9e2680d

    • Size

      197KB

    • MD5

      6c9a4829e467a8303a6156d3e9e2680d

    • SHA1

      2270828db581bbd7513cafb0bc0374ea66998a13

    • SHA256

      13e67849abf157561e8bf9017ce856310fe757e1508221ace9645ce85374e95e

    • SHA512

      4794f720eb7585bb3064ba4159c3b6063b40251e11e9471d3be425f4cd491fca60b147328cd2ecfe63d3a6650be769852e0adebedd893aecc94a8b00e39b6a78

    • SSDEEP

      3072:SEPl19U+pzDsZbbGs4SVhfGsysaro7YRl4hWUGjLpbenenbj:Sm19UMzQZbbGshVhfGscLRlqWrfte8

    Score
    10/10
    evasiontrojanvmprotect

    • UAC bypass

      evasiontrojan

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks