Overview

overview

8

Static

static

7

8cf9aaaa59...4c.exe

windows7-x64

8

8cf9aaaa59...4c.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5a5ca7fedb0ffe06945b1574a913d2dbc114bc56073be9214d884d79f967bd9

  • Size

    331KB

  • Sample

    240417-q527jsae53

  • MD5

    4e7874fae4ce7381025f81844530a568

  • SHA1

    264c05c566c4565c198e5c348645aefca4814cae

  • SHA256

    f5a5ca7fedb0ffe06945b1574a913d2dbc114bc56073be9214d884d79f967bd9

  • SHA512

    b8aadf9a62564baca1ab3b9560697db3fe5b203d24dd8e72c6918eb0afbe009f9ccf4ccd8e312d74c65fb8bd0c815074e8d8b4b083125c3837f672a006e8608d

  • SSDEEP

    6144:7RVyFwLkm5hdlq2Ll1aJxFkw9sMYZwSmwayxC6jAEuFUyE9FFWsAmw4BLslNg:7mAkGh7q2vOHyLZfaytjAErVFospDLd

Score
8/10
persistenceupxvmprotect

Malware Config

Targets

    • Target

      8cf9aaaa59aa894bdfd166fd72d915d1edd92d272d2deeabf66477b07e04a34c.exe

    • Size

      334KB

    • MD5

      17e6d3f8d752b3f5da51ffe1b2b8243b

    • SHA1

      082fded31ae80a75ca98ad8a539db39599de01a1

    • SHA256

      8cf9aaaa59aa894bdfd166fd72d915d1edd92d272d2deeabf66477b07e04a34c

    • SHA512

      4483e3fbeb039007f619bd7e2dbf0906774aaf69209bfdba14608f77179d6d29a5077dd54759b1f8c37072259cab4784773ba0ddf606746a2b3b5e7db387bb6e

    • SSDEEP

      6144:jMs0cJIggjOgD97HnJu+ImuJo323h3j76QBHl/2pUNgic9yL6w/DGQTqu:Is0ISjOgD97HJuau+2RhBHlepUV3L3

    Score
    8/10
    persistenceupxvmprotect

    • Sets DLL path for service in the registry

      persistence

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks