Overview

overview

9

Static

static

3

VEX_WARE_ML.exe

windows10-1703-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VEX_WARE_ML.exe

  • Size

    173.9MB

  • Sample

    240611-brvg8aydja

  • MD5

    da5d0d55a780e993bf6bd33cd9b24329

  • SHA1

    56cc323c5e15881de100185175a0ea56ff7692bc

  • SHA256

    aa494fc90ff252bb29bd80b6593a5cf6c66e6f476832b8ff82d470f44cfa3b3c

  • SHA512

    8cd96d7a6d6ce788dab79b4f7f47149767fe3ec578732ac7d80a6407943c37aa3f612fd41f41a5a7b5bbda0458e3d1d8d9d8b881350b828a4d99163f54e1b0d0

  • SSDEEP

    3145728:d04Hs7TDDcddukP4gwPvP+4tG5YqZSC++Hyd5C4Hjk5uirByE1xM8zYS7T:W4Hs/fcu/gwPXjtGahClyXCYjkoir0ER

Score
9/10
evasionexecutionpyinstallerransomware

Malware Config

Targets

    • Target

      VEX_WARE_ML.exe

    • Size

      173.9MB

    • MD5

      da5d0d55a780e993bf6bd33cd9b24329

    • SHA1

      56cc323c5e15881de100185175a0ea56ff7692bc

    • SHA256

      aa494fc90ff252bb29bd80b6593a5cf6c66e6f476832b8ff82d470f44cfa3b3c

    • SHA512

      8cd96d7a6d6ce788dab79b4f7f47149767fe3ec578732ac7d80a6407943c37aa3f612fd41f41a5a7b5bbda0458e3d1d8d9d8b881350b828a4d99163f54e1b0d0

    • SSDEEP

      3145728:d04Hs7TDDcddukP4gwPvP+4tG5YqZSC++Hyd5C4Hjk5uirByE1xM8zYS7T:W4Hs/fcu/gwPXjtGahClyXCYjkoir0ER

    Score
    9/10
    evasionexecutionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Stops running service(s)

      evasionexecution

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks