Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1149396140509368350/1181650893565865984/Loader.exe?ex=65e758a7&is=65d4e3a7&hm=46b9815958487af8548b183cf74e7a6f5f57af95f085e1a29f9c57b02c898a70&

  • Sample

    240222-cq142sah82

Score
8/10
vmprotect

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1149396140509368350/1181650893565865984/Loader.exe?ex=65e758a7&is=65d4e3a7&hm=46b9815958487af8548b183cf74e7a6f5f57af95f085e1a29f9c57b02c898a70&

    Score
    8/10
    vmprotect

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks