General

  • Target

    e159aaea28574589bee595db112f498a582a90e41bbe874f43e49ce06eafa3b7

  • Size

    2.2MB

  • Sample

    240521-176ymacb5t

  • MD5

    6714a58f0e5f12dcee6b0a3752e03b4b

  • SHA1

    0025f93de0f536d60da0754257c620c633572a0a

  • SHA256

    e159aaea28574589bee595db112f498a582a90e41bbe874f43e49ce06eafa3b7

  • SHA512

    903bc2c3505a441779cced6651fefc9220f767cf355694f061b4cf005d29d792c556d301bba6828f58e7336a68b6602a50b73a05ba7411da445172d81242164f

  • SSDEEP

    24576:ra5/RZUBDQKRf9fgCykxLu73SSH5JtUUe/hjcoIDO7Q05SL4OD6AknAb/5tulLvj:2/aD1tqG2ra1asMTNj4lICedImO

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks