General

  • Target

    263033dd167aece0c1fca19b914b7162d0d6898d7390dbcd5e9099458807846b

  • Size

    11.6MB

  • Sample

    240516-dt3bysab78

  • MD5

    0ed45ec9bb60ce637a1a0c9618fc8598

  • SHA1

    c42dd69fa3201ef46b2aa880ee2b51cc337d105b

  • SHA256

    263033dd167aece0c1fca19b914b7162d0d6898d7390dbcd5e9099458807846b

  • SHA512

    6188735d2fa545dc24ff6c98efe7fcef6361868929dc903ef5ee1c85561033a6dba008fea32e02290ad9ad5add90da9b4568f03e5c2b82fe49bdf5e27c9271c1

  • SSDEEP

    196608:ImkdAidOLDdFVpwPC4RV4uB6q5BwnIVVCYbqxigL0Wwwu:ImkuidOHn76C4f5BwnWCgqxBLawu

Score
7/10

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
