7b80b47bf8544dc821175720adc89ed99ffadbcd4252c132e688f67c3ad11e2a | Triage

Sharing

General

Target

main.zip
Size

70.0MB
Sample

241120-xlmfbawldk
MD5

b667356d0fd2f2b950fad9d9e92e6ecf
SHA1

9b89dcd2d459f51bfde58ed6279e2e5e86a90b0a
SHA256

7b80b47bf8544dc821175720adc89ed99ffadbcd4252c132e688f67c3ad11e2a
SHA512

8f6f3b43edbc3af5d5c11e803a50abe667eaa94c57f05a44294d65b7d6bf7e85aef8a515ddc62423eaa0b8bbfcf0d514d7e9e33b5a5f3d62dbdd4e588813f7e8
SSDEEP

1572864:sf52sH9DwtcKqoyVy+UFDqxfLfOxcnECI91Hh92OoBK:g2YDwtVbyg+PxfLQch65nb

Score

7^/10

discovery linux macos persistence privilege_escalation upx vmprotect

Malware Config

Targets

- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Confused.exe
- Size
  
  54KB
- MD5
  
  81c6a8ccd47647c4297afe20fcf87eec
- SHA1
  
  dbcfd866f0755363ae7733038826d7cf911e20a1
- SHA256
  
  cbaa687115266698f94f10cc0f7807b5f7d5ae2b734c36306bcc7dd0163c7885
- SHA512
  
  ed3a577ae81701cd3da8266021ff46cc86c6a4a67f37382970f821d0ecf68a7d3175a07e8ad1f0bdcb086e790462a045498e8d79c2aa06a0a2bd83dac2346c97
- SSDEEP
  
  384:lKhl7xFP1eWkvwKwq6uwKTdWiiirQlWN38okbJ45SzDBonYtptYcFwVc03K:eKBKuzMbdenYftYcFwVc6K
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Lib/Linux/libVMProtectSDK32.so
- Size
  
  25KB
- MD5
  
  c1f04f4a922dba8d0eb8bdc1e1f5b0e3
- SHA1
  
  991f54d44253f81048dbcab404359bbdaea772ce
- SHA256
  
  5aec2c03bc5e4658f849491bbd665e9c4c3bc5e4007b8258505c21b704aeb9a1
- SHA512
  
  33d774941c31dbc74d3ad0f16256231bca78692020c372da664e5c5c4c7900cdc9d8f2f0a04ec10b64498291a77f15e2b86b9f42d4556ddd3c07d7d3e77bfc9a
- SSDEEP
  
  384:Sc6LggOxAHXUtyQv5YLNf37oBz3r37FDSNyUg2UAU/LglzWYOG6xuVlXOgMr/7EJ:Sc6LfOx/N5YByUjUPx2IgMr/7EhZXx
Score

1^/10
behavioral3
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Lib/Linux/libVMProtectSDK64.so
- Size
  
  31KB
- MD5
  
  deb0b135958cf5e479831efd2a74d693
- SHA1
  
  a243420341ce6a65f78bc92adff9834d184a7ed8
- SHA256
  
  f2ea6cf49d93238dba7cafeee24fd9fcf2f4d55c108b9359cd894c4c7f381ea8
- SHA512
  
  43304c2e954fe6e14a36cf93bbaa3b44d2f66c1136e734bf4f0cdfabc8a0cd4ac2e93ce261ad4a021263e9b049b2b79f4577d5610f6108ca610b3f33fbdec46f
- SSDEEP
  
  768:q6he00JUA6NaqvPk8/6LFM+Bqqqqqcwc5h8D+HvKN:Y0FX/6LFMS8ci
Score

1^/10
behavioral4
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Lib/OSX/libVMProtectSDK.dylib
- Size
  
  49KB
- MD5
  
  e10aced290d81f4de7a47e6081dabacd
- SHA1
  
  1c785df3687475284320328d180ef88c35058522
- SHA256
  
  08844f83ce48fb0b867ab150fa026ef18f5947b47d4e66afa4f96750de07c359
- SHA512
  
  33a12ff1f5caf2bd6abd87e6380ab71a1fcde6c9d308e0b7fc303c532c6aff3ea3a5d924bfd54380fbb945a286a26967029283cf41ee79e96739a54d2abb923d
- SSDEEP
  
  768:JYsIlAGwZI3l19U1I+8Qi0RWOdQL8r+3INQyVldkFYuMAykBGSZtQ1:+sEwY0+WL
Score

1^/10
behavioral5
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Lib/Windows/VMProtectDDK32.sys
- Size
  
  3KB
- MD5
  
  47e4914ff43c3ca4857b2f752ecd988e
- SHA1
  
  951f6bf8ec6cf1f39eda8aeb928dbaaba9d75448
- SHA256
  
  38a2cd94a8067b20487b0a35cc51356e3ceaa95d308ef9c54d82f2f049ec4ff7
- SHA512
  
  b210862d6eb97b9c4fed0dfce41e51b995796ace0f9ed1f2bce9e90d98705b76cfdcb490dc63228838c8c2e74f38033b8737fc6b2d967ab1e144da9eb56127f9
Score

3^/10

discovery
behavioral6 behavioral7
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Lib/Windows/VMProtectDDK64.sys
- Size
  
  4KB
- MD5
  
  bd3fe4c0f24ee725a8cb4c18bc42b4c4
- SHA1
  
  5f111db295d032a326b3fcfb6e12fb1fd5eab3fb
- SHA256
  
  3dbb538d04186dfdcddd2407221dfed444716e77a901ce742eb130238801a360
- SHA512
  
  be293477c701e4e2998c8427b355847a93f867f59c6d58d0da73394f46719d137fe6a157bfc86dcc78848da8c2af3ae09faf139cc923d690411cc1eb0e2583b8
Score

1^/10
behavioral8 behavioral9
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Lib/Windows/VMProtectSDK32.dll
- Size
  
  98KB
- MD5
  
  499158a5670bd6f682da647fff7f1a3a
- SHA1
  
  2a29cd92911bea2e6bb4570e945fb6f75e56ee3a
- SHA256
  
  a635944e549744f238aac2898b2c722a1df1252628acc9edddae3806a0e4dbdb
- SHA512
  
  d3db984e6625ba04674a42cc6bac5accaf0df09334d1c209d7461a32b06e51edad8ff247bfdc07d541d5ae2007bba77d0dfbcad13d09ee6fc25f317df490b0bd
- SSDEEP
  
  1536:+T33kLmdI52QC2mCYKw2cr2RhXbZ9qu/nDw2a1+YRroJQusWMIcdw60YXowGF:WhQC2mCYK3RhrZ9dPk2Q9yMJw60YRG
Score

3^/10

discovery
behavioral10 behavioral11
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Lib/Windows/VMProtectSDK64.dll
- Size
  
  116KB
- MD5
  
  330cf0e2726ff0aea52a8e57e566a635
- SHA1
  
  52cc0287cc6972e9302428bce7b04e8f9cb86244
- SHA256
  
  644615a7ed89935cb97a2cf9fbb0e9cb34e39c7a66e17b33ec8381be073b514e
- SHA512
  
  96757c8ef581d33158ea3bc383ed4c021efd74f1239f3974cbdcbc7aced1efbfbd09dc9840121dd4c305dc586a7d9d91e4d5e3dd05350eb05cd39b46a6de19d1
- SSDEEP
  
  3072:cmcqYHq7Aiytzg2ScpvgJcG5sqYX6UdHMlBS:l0Hq7AiyegZgJZSXlsH
Score

1^/10
behavioral12 behavioral13
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/Panel.exe
- Size
  
  54KB
- MD5
  
  81c6a8ccd47647c4297afe20fcf87eec
- SHA1
  
  dbcfd866f0755363ae7733038826d7cf911e20a1
- SHA256
  
  cbaa687115266698f94f10cc0f7807b5f7d5ae2b734c36306bcc7dd0163c7885
- SHA512
  
  ed3a577ae81701cd3da8266021ff46cc86c6a4a67f37382970f821d0ecf68a7d3175a07e8ad1f0bdcb086e790462a045498e8d79c2aa06a0a2bd83dac2346c97
- SSDEEP
  
  384:lKhl7xFP1eWkvwKwq6uwKTdWiiirQlWN38okbJ45SzDBonYtptYcFwVc03K:eKBKuzMbdenYftYcFwVc6K
Score

3^/10

discovery
behavioral14 behavioral15
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/VMProtect.exe
- Size
  
  20.0MB
- MD5
  
  3774e9ba30a09287289c6a131821651d
- SHA1
  
  bbc1cfef4d7755fba83994849176a7fcb8c886ae
- SHA256
  
  3c94c8e6ca6ea0b6f1276448be8e14ecc1c7fca8018cf5ae050f65631aa2d8d1
- SHA512
  
  81e116d703fb34d2dc2a33b4a03d5427e44ef5c7ab8bee3b395483de6f444235a7dd2dcf5834ca21a6c837f9bd5ef38d66ba65f0dddcfa424d565461ac16ebc2
- SSDEEP
  
  393216:D9819KZxcPEv69tkVAUU6N8sBf5osxr2w+ZR6ngzTP9kEWigrc:DQKZxxi9KVsY6sxr2w+pTP9pWikc
Score

5^/10

upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral16 behavioral17
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/VMProtect_Con.exe
- Size
  
  11.7MB
- MD5
  
  f205a62f65a0d4d5c118383274e69078
- SHA1
  
  67cb875aae7711298b703f838885df4ed3613c21
- SHA256
  
  081abb75877f4cf6d9c54eb68b3facdbcb719daadd3c8243a6b733f138e904d5
- SHA512
  
  762b1a1432216c5636c2cecfa5a6f2d79f0d187f945aa1aee7282148d71f84ef69d581a3492cdfe3efec3b9c531066b7b974ff6d51023667506d9ead710b8b9a
- SSDEEP
  
  196608:KboG8+4mVVQ4Om1u3GknOTHOs3Iv6O1IzqTpkCoSacbutyCA:K80HQ+1Meis3E+mTpk9liuZA
Score

5^/10

upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral18 behavioral19
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/VMProtect_Ext32.dll
- Size
  
  203KB
- MD5
  
  3f9e448ae6aa847d494d56bf9db69cb4
- SHA1
  
  d1d27a61c1091441fa7b95f98aba681ca857eace
- SHA256
  
  f039d8a5e9ef840cdc9c0cfc93706b4ea2678505a5a0dda90a4b37a2276c09f5
- SHA512
  
  c91946f9d4b1d8094cc5f5d34e450efda231d396c939e5652158373f00ec99bad555c5f097508b8d04ab3ef9bab84e21d64d29d5d8358911c9499f39d61961a8
- SSDEEP
  
  1536:a8nI73PQ/7Iik4j6cI5roCqo7ms0amw4dBQ3kBwsW9cdWnnq/XbbTgjkXzeXlttO:G7/fcI9oCqk1L8BqkrWnq/X38EMqF
Score

3^/10

discovery
behavioral20 behavioral21
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/VMProtect_Ext64.dll
- Size
  
  226KB
- MD5
  
  497eb359ef385fcfc803362543839c18
- SHA1
  
  22fb486074cfc4dd2ee8d84b337168b92dc254f6
- SHA256
  
  fa9849a6901be008ab8aa17b2f4b234a1d0ee9fd202fe075ec7b178e3b66ecff
- SHA512
  
  9568334e7d0bef147764f47929b4c6c9d5f13690c209c1c7b775cd5490a60b613d701d3804322cb4ead36ec4b733aaecdece8dd5df7f2b4ac2535db0bab0fcff
- SSDEEP
  
  3072:SXep6V+Hiwesaje/gwINrc1yUSh6LFGCm8EMq:JVNaq4bkCsLgC5q
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral22 behavioral23
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/VaporObfuscator.exe
- Size
  
  575KB
- MD5
  
  fad7cacec5ebf554454a4b661b285bad
- SHA1
  
  938913d5857fc3f64662c59610da24805cd8bdbd
- SHA256
  
  f5a3d90836673ecf4737f2d3728dd42381adc61df9efe312acd6a4a03e2818eb
- SHA512
  
  c860a6e4dac715b5e7344f5ae49017f92bb53d3406dc9937cc3285d8073c1f5858721fe3d4e168bd331802a7a67a327cc50c62bdb4241134b7eec2c534acb300
- SSDEEP
  
  3072:YMxeoyEl8ZkzV/jE++4RXxeoyEl8ZkzVl:Re202Vbf+4RBe202V
Score

3^/10

discovery
behavioral24 behavioral25
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/dnlib.dll
- Size
  
  1.2MB
- MD5
  
  b6b02cebfb3126be62d6d22efed0e141
- SHA1
  
  ee6624975b6c30fa740af327d9523956da25f7b5
- SHA256
  
  015007da0b500719e6e2d68c2c5b894c8c8ffb75b3911073efd29a32acf868fd
- SHA512
  
  ad0a997973d6d2c85164926f158552bf7cb86e2c3c4577b6ac509ba92cdbfd5e60892e0c1902f0eec06cf156ce11d0f250cb4358a8db16c88881302f47846d41
- SSDEEP
  
  24576:1F06PfMequGPlX2pfdwaSx1MIfVDSV5v7fsN3:1+5u+3xdW
Score

1^/10
behavioral26 behavioral27
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/test.exe
- Size
  
  284KB
- MD5
  
  a8e6fafd1c98cea3f206b3fbf1a1c4f9
- SHA1
  
  42b23af4bd5c6580956e1a72ef4b2bfeac3a5898
- SHA256
  
  2bc43e7db728a0146a42adcb4981dd1b9df687559f8dc6ae5876311c57027cea
- SHA512
  
  fa181d77c65f64ff2819c1b7807a569522aeb81ab3a3727b342dc9329ec77022a116b576dee823dd39b68a6ca8f5cd3d9f23efb4e0cf40284d4c1bb238f33d90
- SSDEEP
  
  6144:ffTgaPJ7MswLqkknAlbqDTzYxlvdhIsYmVqG4EGB4nRNIl/Vh:ffTVw+kIubq8fJVqGS4nON
Score

1^/10
behavioral28 behavioral29
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x64/test.vmp.exe
- Size
  
  5.3MB
- MD5
  
  e83e582e24ee1c1e70f243a087cb1838
- SHA1
  
  562a421096a516c5fb01b56df3e6a4e6aba14e05
- SHA256
  
  13a1d84c41a395d6603d3e7b2d3493753dbff10d9623233666e0bf2af77f725c
- SHA512
  
  e5599e55e17464f945af779bb682b03ebeeb22c40d700f8ea57efac6a34ba5be37e7f4cec99d06ef56c0e1448efc8c2afadd5a68a7ae7e04a383067a1622120b
- SSDEEP
  
  98304:dEU44sg31AlAr7WBCxUzFNi3HFV/ZzcVkvrXIhoBkKPG/cvJj3kUnSQA45hLOb/v:aOSBCxUzFyHFr4kDjlnxj3tnJ5hAK
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral30 behavioral31
- Target
  
  VMProtect-Ultimate--main/VMProtect Ultimate/VMProtect Ultimate x86/Lib/Linux/libVMProtectSDK32.so
- Size
  
  25KB
- MD5
  
  c1f04f4a922dba8d0eb8bdc1e1f5b0e3
- SHA1
  
  991f54d44253f81048dbcab404359bbdaea772ce
- SHA256
  
  5aec2c03bc5e4658f849491bbd665e9c4c3bc5e4007b8258505c21b704aeb9a1
- SHA512
  
  33d774941c31dbc74d3ad0f16256231bca78692020c372da664e5c5c4c7900cdc9d8f2f0a04ec10b64498291a77f15e2b86b9f42d4556ddd3c07d7d3e77bfc9a
- SSDEEP
  
  384:Sc6LggOxAHXUtyQv5YLNf37oBz3r37FDSNyUg2UAU/LglzWYOG6xuVlXOgMr/7EJ:Sc6LfOx/N5YByUjUPx2IgMr/7EhZXx
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

persistenceprivilege_escalation

behavioral23

persistenceprivilege_escalation

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32