d018cc61329d7dd1f4d383fb028905f21be9ab0e535347f18e11db14f3f90b83 | Triage

Submit
Reports

Overview

overview

Static

static

1

vb_decompi...te.exe

windows7-x64

Sharing

Copy URL Twitter E-mail

General

Target

vb_decompiler_lite_84.zip
Size

5.6MB
Sample

240420-pag3fsha7z
MD5

f82ec8f6f84efeb59c7145b0dd994051
SHA1

feca471ca91d4e9e87383137a9121aa1ea0ec2fe
SHA256

d018cc61329d7dd1f4d383fb028905f21be9ab0e535347f18e11db14f3f90b83
SHA512

bd0abc52fce21cc36f4a2daf221af9214c6df999cb44ecaebfc3782e5600ef48f6a0762fa6c67efd61c4bf788811727521c36c6000a4936d8e609cad570f0b34
SSDEEP

98304:yma9GFpnYqHf8+2zeVAgZVWEzndBszV3W71H4RFR8bddLUtepRr8r:y59aYS8OqE5qSyF8bjgtsrG

Score

10^/10

discovery evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

vb_decompiler_lite.exe

Resource

win7-20240220-en

discovery evasion persistence trojan upx

windows7-x64

30 signatures

1800 seconds

Malware Config

Targets

- Target
  
  vb_decompiler_lite.exe
- Size
  
  5.6MB
- MD5
  
  1ee6acdef2c1dca0801ac92fa6489a0b
- SHA1
  
  cae7883df4073ac0798f84850b20782166152c4d
- SHA256
  
  4f8a9630166688672ec9aa2f9ce59a43c2b45669812669f4736dea7052b9d5df
- SHA512
  
  19b46eba75aa28527ad6e7edd6e87bb5d8f7a424eefdc4b5f99452b83d2bdfd3f559a71f1829ef3dc3e64843e0274cbe8b57590d0f16de596e025b285a06c4bb
- SSDEEP
  
  98304:OEW9GjpK1cdf3w79xC86F0jKkTdcopDfzGpV3YFLhoZTR0r/dpQ6L1XFC:I9n16ckCmoxkAiT0rVS6dF
Score

10^/10

discovery evasion persistence trojan upx
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Downloads MZ/PE file
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy