General
-
Target
SubzeroFree.exe
-
Size
16.2MB
-
Sample
240416-knrftsdf99
-
MD5
6941b02bd3846caad086353b70264f09
-
SHA1
e1c7389d804a9ca7d53ad9c1b60718d0e258900e
-
SHA256
9fa02f23b5a381b507a923bbd93452c20a3aa12f585ac04095a383f9939a214e
-
SHA512
65554334dfd1c504ee087356b9d58aa55f376276f957070f1f03a27e1b38ae633934a9f726de394c394cb22581f23f8e155a48ff76549e36910a9b3b95b9daa3
-
SSDEEP
98304:FHMwajbQfcYf2MUzwcGD7eFRGYmm9sb9kHVc5XzVIhGn4+InpYY4cTVw4k1uAn0U:FCj6YMe6AsxkHql3ypBxk1u6f/yKseWi
Malware Config
Targets
-
-
Target
SubzeroFree.exe
-
Size
16.2MB
-
MD5
6941b02bd3846caad086353b70264f09
-
SHA1
e1c7389d804a9ca7d53ad9c1b60718d0e258900e
-
SHA256
9fa02f23b5a381b507a923bbd93452c20a3aa12f585ac04095a383f9939a214e
-
SHA512
65554334dfd1c504ee087356b9d58aa55f376276f957070f1f03a27e1b38ae633934a9f726de394c394cb22581f23f8e155a48ff76549e36910a9b3b95b9daa3
-
SSDEEP
98304:FHMwajbQfcYf2MUzwcGD7eFRGYmm9sb9kHVc5XzVIhGn4+InpYY4cTVw4k1uAn0U:FCj6YMe6AsxkHql3ypBxk1u6f/yKseWi
Score8/10-
Creates new service(s)
-
Downloads MZ/PE file
-
Sets service image path in registry
-
Stops running service(s)
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2