General

  • Target

    1c65f0109f37c52a2b05422b5de18bd6644157149eae035c75df3a3abb989053

  • Size

    1.4MB

  • Sample

    250328-h18jrsszey

  • MD5

    5bffbc6fbfef7805bf1025fe3b252f32

  • SHA1

    e94909d28e39a10eea3d6fcedcd6cd7bb609185a

  • SHA256

    1c65f0109f37c52a2b05422b5de18bd6644157149eae035c75df3a3abb989053

  • SHA512

    aaba43ca16a5523f15aa6660d6d031eb1af72012994b82dce88152d53a21e360dd3bf87915cf27a17e3717d40b99025ab9d516de4d3f80100566eb5505e2b366

  • SSDEEP

    24576:2oaQk9HHhLzdok75ns9nyzf5hojqxzRJJ0+12:2ojkJBLz6ktns98f5hbx1JJD2

Score
8/10

Malware Config

Targets

    Score
    8/10

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks