General
-
Target
18747c2191a87db21ca0b1f95cf19da30f47a3db58cb3fbc8e9afe4b6cd74334
-
Size
526KB
-
Sample
240628-xrsvaayhrb
-
MD5
3b7c973bca4c7034c009b9cd2b0140cd
-
SHA1
2c5de140bf2280e32fb5597d24146d73568121eb
-
SHA256
18747c2191a87db21ca0b1f95cf19da30f47a3db58cb3fbc8e9afe4b6cd74334
-
SHA512
441b2439e63b3a31f2e806f0e924977ae4119f8eb48de25367f61f74f5d03b8a0c8c2173899d6e12bbab0ace07720323eae9fb51ad469b5535f5d5d824cf2a98
-
SSDEEP
6144:lrhCmSiJnFtXJch8bZ0iDd+gFuC88bYVWTb4gU+b2HV70/2wPe1ep1B+wsiBzVXv:lYmSczXJWSMg188MMTWSrB+wbzVXZ7o
Malware Config
Targets
-
-
Target
18747c2191a87db21ca0b1f95cf19da30f47a3db58cb3fbc8e9afe4b6cd74334
-
Size
526KB
-
MD5
3b7c973bca4c7034c009b9cd2b0140cd
-
SHA1
2c5de140bf2280e32fb5597d24146d73568121eb
-
SHA256
18747c2191a87db21ca0b1f95cf19da30f47a3db58cb3fbc8e9afe4b6cd74334
-
SHA512
441b2439e63b3a31f2e806f0e924977ae4119f8eb48de25367f61f74f5d03b8a0c8c2173899d6e12bbab0ace07720323eae9fb51ad469b5535f5d5d824cf2a98
-
SSDEEP
6144:lrhCmSiJnFtXJch8bZ0iDd+gFuC88bYVWTb4gU+b2HV70/2wPe1ep1B+wsiBzVXv:lYmSczXJWSMg188MMTWSrB+wbzVXZ7o
Score9/10-
Detects executables packed with VMProtect.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Drops file in System32 directory
-