Overview

overview

8

Static

static

7

d2902e149e...37.exe

windows7-x64

8

d2902e149e...37.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d2902e149e178e0965fdab95de997496d89a0d42797c15c3b2fb7eb13e245137

  • Size

    3.6MB

  • Sample

    250328-jhcj2stsgz

  • MD5

    55028b736b71fe85c5c238093b3b5172

  • SHA1

    3a72fc7967a440d69d21a7cf3319f7f9c88c8d1b

  • SHA256

    d2902e149e178e0965fdab95de997496d89a0d42797c15c3b2fb7eb13e245137

  • SHA512

    b5c6130a6151ed5f254a6f13db02c6a46642a917d622ec51b5845b282d0d046a1db7f22a49b8a1c728ff1cc561fed51c1d25e7a08f6e708471785b0b490ff5b1

  • SSDEEP

    98304:CAINzOmPlWsM0r1QnPmWh9ytykJ9Js98rh11JR:CAINzVl4bytyydnR

Score
8/10
discoveryvmprotect

Malware Config

Targets

    • Target

      d2902e149e178e0965fdab95de997496d89a0d42797c15c3b2fb7eb13e245137

    • Size

      3.6MB

    • MD5

      55028b736b71fe85c5c238093b3b5172

    • SHA1

      3a72fc7967a440d69d21a7cf3319f7f9c88c8d1b

    • SHA256

      d2902e149e178e0965fdab95de997496d89a0d42797c15c3b2fb7eb13e245137

    • SHA512

      b5c6130a6151ed5f254a6f13db02c6a46642a917d622ec51b5845b282d0d046a1db7f22a49b8a1c728ff1cc561fed51c1d25e7a08f6e708471785b0b490ff5b1

    • SSDEEP

      98304:CAINzOmPlWsM0r1QnPmWh9ytykJ9Js98rh11JR:CAINzVl4bytyydnR

    Score
    8/10
    discoveryvmprotect

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks