General

  • Target: A0000813.exe
  • Size: 85KB
  • Sample: 240519-dtzaasga22
  • MD5: 1c5795da70e4fd522b42d5b9155719c3
  • SHA1: 9bd1361dac085b4b590006e7ec1f190bf0f9f3fc
  • SHA256: fcfbf4c2eaa37b30fffcdb7d4aa3a737d589bc7cfedec4ca6d446693926f31f4
  • SHA512: 1294f3e69b15765cddb30b65e7a8b2f6994983a18d1c2ffaa4c9cf128daa841c58fca9a1b5667421bcab7153142863475f0bb75f13a782aff434f1a59247d176
  • SSDEEP: 1536:IHFTlNkIu0s+S3laAGcvKen/VFnToIfITRur5ZeNTeiFp0zA+V/R82m:IHFkp0s+Sien/VtTBfITRur5ZeNTeiPV

Targets

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Deletes itself

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15