Overview

overview

7

Static

static

7

672aa1917f...d9.exe

windows7-x64

7

672aa1917f...d9.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    672aa1917fc0e2b6573a2e133c0471ea2166f65d06a16d4d35745d5e3c150ed9

  • Size

    745KB

  • Sample

    250329-age44svtcs

  • MD5

    117693e11a24c6ede9ec1d9df7c25be8

  • SHA1

    0183377986b7608eaa3998e6098354c73772e49c

  • SHA256

    672aa1917fc0e2b6573a2e133c0471ea2166f65d06a16d4d35745d5e3c150ed9

  • SHA512

    812ec76cce0ef203e65bf94f9e6b550f4f98ad5beab88df05157a2f67d10ae8b7afeb5c047cec29a5ad63062d34c04a28e93bc546ac7e871428bb5149b20571a

  • SSDEEP

    12288:I5fftbKFi/se+UmC7v98vzokOa4zg8NGJlcgxSSXTetB+EcvACuV0o:I5fl+I/VH7v98vzokOacUlwSXC+EcvAz

Score
7/10
discoverypersistencevmprotect

Malware Config

Targets

    • Target

      672aa1917fc0e2b6573a2e133c0471ea2166f65d06a16d4d35745d5e3c150ed9

    • Size

      745KB

    • MD5

      117693e11a24c6ede9ec1d9df7c25be8

    • SHA1

      0183377986b7608eaa3998e6098354c73772e49c

    • SHA256

      672aa1917fc0e2b6573a2e133c0471ea2166f65d06a16d4d35745d5e3c150ed9

    • SHA512

      812ec76cce0ef203e65bf94f9e6b550f4f98ad5beab88df05157a2f67d10ae8b7afeb5c047cec29a5ad63062d34c04a28e93bc546ac7e871428bb5149b20571a

    • SSDEEP

      12288:I5fftbKFi/se+UmC7v98vzokOa4zg8NGJlcgxSSXTetB+EcvACuV0o:I5fl+I/VH7v98vzokOacUlwSXC+EcvAz

    Score
    7/10
    discoveryvmprotectpersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.