General

  • Target

    android_root.exe

  • Size

    18.2MB

  • Sample

    250222-fam42axqbt

  • MD5

    fff6e0571a4c248c8242fe5bd0a3a583

  • SHA1

    eab5d36dbbf8ba170b9c8e8196bf89953f75b931

  • SHA256

    2f400f0b2fe121b8e5b1415a99dfda2f5502b7aa2e7002ef6e464f0d587dba0f

  • SHA512

    2b618bd9219b9f7e7ccbb1435c756348dd109fce1f98eb12df18b90d21cca60ab88675c585cc8472f3be2828ec0dffed44131868275b4309682c769a7a4b442f

  • SSDEEP

    393216:g9oFlWgKHM+0Z8NFDO/wqMKlBngr8InY/3cqgYkqFhbTVsq3+A:eovpoMpOvDOY4vW8IwcnYdTVsLA

Score
7/10

Malware Config

Targets

    • Target

      android_root.exe

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
