Overview

overview

8

Static

static

7

CSOM.dll

windows7-x64

7

CSOM.dll

windows10-2004-x64

7

csojqk.exe

windows7-x64

8

csojqk.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    719f6a9c4d9d36f1631ceefd2d43da2f

  • Size

    602KB

  • Sample

    240124-glr3sscbfl

  • MD5

    719f6a9c4d9d36f1631ceefd2d43da2f

  • SHA1

    9294f54f64d7c5d7208f5f9382b9c1d309b89c98

  • SHA256

    42e3b12880cbcecf93cc5d053ad7f9a3b41810abddda448309d240ef5eb93672

  • SHA512

    4438a772616c337803ddbfc4042a78ca0af0005dd423e2807bbf77e28a3fe09b3026de599e13429eead8337b00b35f7fe78b5ba66e8b46de5606f05cff3cef86

  • SSDEEP

    12288:FbEhhemuy4glUnQ2/Ca/jp9UEP0C43fU8gMAx0+QujmXxLHzV/ny:5EhhemuC8H6aL5B43fU8gMG0+QuShzhy

Score
8/10
evasiontrojanvmprotect

Malware Config

Targets

    • Target

      CSOM.dll

    • Size

      432KB

    • MD5

      fd66fef2fe170948c7f64d5d8ad95bed

    • SHA1

      76d9a99c36f902fda382e7747aa74237578ea766

    • SHA256

      c778bcbb503794ddcf0459e5a95706a766998309d1b3a9782cb3d6f106c26c89

    • SHA512

      52607dc9ee1205d54c563d9cc3713918bc33018d3329553ea7e8c52ffc6fef38c1cfb904ffa3bc9621e276d7483d4d006e614dc872b0440d58ca6c374b425e6e

    • SSDEEP

      12288:Z4/kB26domCT1D4WKe4gFjQL6HyHWgVteec2:B24oNezgFjQLQbgVl

    Score
    7/10
    vmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

    • Target

      csojqk.exe

    • Size

      232KB

    • MD5

      67ac8949a03576a7018569b8d16e142b

    • SHA1

      1f486de7f819b0a3c03da3f8f9a8feedf86b1857

    • SHA256

      bbb7c1e89a581481920a710abc5dbd013e5193738182f5b465e88354b3ee5382

    • SHA512

      7a638b3c5be462c288b0d6b9bcfc4938140b9b41551bc1c72c015884c622788afb5ebdb8c950596d0790c42a0655e60f5748d2fcc99f1f74ce3a54e3f6629b80

    • SSDEEP

      3072:z96AQI13SBzg2eUiUVSv30yvOrY/xTYQqFovIYGp3FFoKhVUzFbZzqruSa3:z96AQg34eUiUcvkrYIYaLo+UzFbZzYu

    Score
    8/10
    evasiontrojanvmprotect

    • Drops file in Drivers directory

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks