Overview

overview

7

Static

static

3

VANGUARD BYPASS.exe

windows11-21h2-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    VANGUARD BYPASS.exe

  • Size

    2.5MB

  • Sample

    240825-18c2yaybrh

  • MD5

    2473c143b9591080093561cd3fc42955

  • SHA1

    3a65083c411edba6b7a5dcdb93a2bebcc410e95b

  • SHA256

    89ee1cbd0ef4390b420dea55744487665d4bf7dcfa2c2597db2984dfad5dff1a

  • SHA512

    ae599014de20c34d0b75d938f743dc443b37bbd5095ec4f24548f9cff5a08f48a7959eae0dea070cf5d43d6916a4affe8ff1d825f5d8ab2907f00a9df5a5c334

  • SSDEEP

    49152:pXkQq9LDj26Mx1zrHvxx5qaXqQ7hsaNsRBt87lOpSJnQxnDNZGZ8VpDTU2:pXkQqxD8NrHxhXqosaNO8JOY+6OVlU

Score
7/10
discovery

Malware Config

Targets

    • Target

      VANGUARD BYPASS.exe

    • Size

      2.5MB

    • MD5

      2473c143b9591080093561cd3fc42955

    • SHA1

      3a65083c411edba6b7a5dcdb93a2bebcc410e95b

    • SHA256

      89ee1cbd0ef4390b420dea55744487665d4bf7dcfa2c2597db2984dfad5dff1a

    • SHA512

      ae599014de20c34d0b75d938f743dc443b37bbd5095ec4f24548f9cff5a08f48a7959eae0dea070cf5d43d6916a4affe8ff1d825f5d8ab2907f00a9df5a5c334

    • SSDEEP

      49152:pXkQq9LDj26Mx1zrHvxx5qaXqQ7hsaNsRBt87lOpSJnQxnDNZGZ8VpDTU2:pXkQqxD8NrHxhXqosaNO8JOY+6OVlU

    Score
    7/10
    discovery

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks