General

  • Target

    fc8c2932fbabe79902188cc008212d2f

  • Size

    152KB

  • Sample

    231228-2al3mahcc8

  • MD5

    fc8c2932fbabe79902188cc008212d2f

  • SHA1

    3d93aecf47b1048ae554da2d415dd43145a41f9e

  • SHA256

    09cf2ef1d8bb11fc991e25fe6b33562b46de01374debd4bc71f58d6680cf955b

  • SHA512

    ea1481651c5b1b37d7428cc1b8b40f529798c6a6fe2b61f7c8c6b8cb4f4d46520bc83cf75973db5e84574d8b78009045904f67fd94fbb3378bcd85e3b5dfc23c

  • SSDEEP

    3072:SuPl19U+pzDsZbbGs4SVhfGsysaro7YRl4hWUGjLpbenenbj:SA19UMzQZbbGshVhfGscLRlqWrfte8

Malware Config

Targets

    • UAC bypass

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks