5c36b516e47c99d218a211d0e5323ca94425977d25362f584acb2a1a4e9bdd8e | Triage

Sharing

General

Target

ABCDA45.4.rar
Size

1.2MB
Sample

240908-gyps7s1bqp
MD5

13c189bf367b8f7def68ba3c5121a080
SHA1

31599a2ee0eb2026a8d26104334ac13437f742d4
SHA256

5c36b516e47c99d218a211d0e5323ca94425977d25362f584acb2a1a4e9bdd8e
SHA512

778d3ed90546be1ba503b3641a243f40683ca5aa9342b53be8c738e51ad66de7ffd594920570fe922256f0da1fe84411d81876d023f315af9ea46fb41fec3cfa
SSDEEP

24576:9NmjdalhdDcHGGeixPVEnWvbBs8Bv2wghBZDzVeBfkwV78jLZhHdwzmBAnjatafv:9NmZ37eEPVEWRxgFnwlkwV78jbMmB2tn

Score

7^/10

discovery vmprotect

Malware Config

Targets

- Target
  
  pkooit/WXDSRN.exe.v
- Size
  
  439KB
- MD5
  
  dc0da3a93abf27a4b8479b655a88b662
- SHA1
  
  dbbdf148a62b7032af35a3488f295226a04264ef
- SHA256
  
  3456fcfdfa1c52ef7c765e325a858e8a0281735b930d15c7986306f9425bf595
- SHA512
  
  66c742f350dfd111f27191973e175db379a4714152b3c6494e3420a15af2e7f770c9399c8a3eca79b4163a5ceae8c26c3263a2628031f60dc37d0069461c1868
- SSDEEP
  
  6144:mKQBGiA3eHJuwBZ4U/D3bnRKC5rsP/NHxbV9BLqrgqwWJM3yyG:YciRHQwv/D3bn75rY1HxbV9B2kvgYyyG
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2
- Target
  
  pkooit/libcurl.dll
- Size
  
  268KB
- MD5
  
  826eb1d1a7b917f6dee249f37af24361
- SHA1
  
  c18f330f5b1ba64442fd7602de2113680753641c
- SHA256
  
  10e8ac3fe4d3e6ace7f19a10a1df4409c104f8943d9a0f3b6fd7107620dc9310
- SHA512
  
  968671772d9b604646a14a61d5d81a1abe9d244583ed4dabb919275dc186ad63a9a4451c3fbd2d9a02b2362feb3fb6d78e60115ae05bb5c263a9a75729d8b335
- SSDEEP
  
  6144:Cx/olbmPZ0OnHmt5e5UebJbBfQ/w8s3BMPn6lhXSFeMh2UAWTBNBJEUa:CtQmRznHm25UIbBMw8whMRAWTDBra
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral3 behavioral4
- Target
  
  pkooit/libeay32.dll
- Size
  
  1.7MB
- MD5
  
  d5b3b79c526f7c6450644762d9354185
- SHA1
  
  84454ffad57c1efb996a2d43aecf03a04a8fb307
- SHA256
  
  05db795353977fa9918cfddb3f9df6a863038565e3a0fde0b60f7dc7a5d62226
- SHA512
  
  666f94624fa7a1601d474833220d4b91b3110ae4c8cc550647355a656db2b5edc26475eab3f811c8844efdd04548baab3f5fa8b52e03aef554c1865591c0cb1e
- SSDEEP
  
  12288:2jt5/IUcQzHoeA6K0NJJMRLCIht15yD+b02Ab8FJJUl:2j//BcQroejNJm5315yqDFJGl
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral5 behavioral6
- Target
  
  pkooit/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  pkooit/msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  pkooit/ssleay32.dll
- Size
  
  231KB
- MD5
  
  83502d796852329cdfc906fee2b5ede4
- SHA1
  
  23c223804f01f9a0b2a9879077aa2bce7d963092
- SHA256
  
  cfdf8b760afdfe34c0ee943faf9452b4de438836e03990f983883c1f51be5e26
- SHA512
  
  d965334342905fdbd6411e27eeefadcad3e28c9294f56dc8e6265e688c3a0da5976fda5961523ad8c237e3a8c605d9c7427deefbf72937ff02494f1ecf946335
- SSDEEP
  
  6144:1tuPYBz4tt1ic+5uvNt0ZI0+UrHHZ7N3sEUWh5quGt/zvkLEaa8ZESWC5lQmSUzh:1t9Bz4f1ic+5ult0/lrHHZ79pJh5qpt0
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryvmprotect

behavioral2

discoveryvmprotect

behavioral3

discoveryvmprotect

behavioral4

discoveryvmprotect

behavioral5

discoveryvmprotect

behavioral6

discoveryvmprotect

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

discoveryvmprotect

behavioral12

discoveryvmprotect