Overview

overview

8

Static

static

7

UUDPTBXHGP.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    UUDPTBXHGP.t

  • Size

    6.1MB

  • Sample

    240701-j49rns1bnd

  • MD5

    b15850bf1a5712a40e7cb9dba90e54be

  • SHA1

    7b4b4d5a24e8123f32f5260382917c05d2fd5789

  • SHA256

    4eab28bf6548c6a24b13e8bdbda9bbac66a8df97a31c77426e0e46c5503213c8

  • SHA512

    5a8d3d0ba102a23bd6d1b65f7b64a422e88207c98e988c1ea66c92b6533d6854cf1dd08b8daffca1fbf174b10a8b1c7e5684993e99a3788e0e69f40c2a879794

  • SSDEEP

    196608:2TKSzjl6H+jCy7VzIyrzbqGWXcZRJRbUST:2mMCy7j3BOcZBUST

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      UUDPTBXHGP.t

    • Size

      6.1MB

    • MD5

      b15850bf1a5712a40e7cb9dba90e54be

    • SHA1

      7b4b4d5a24e8123f32f5260382917c05d2fd5789

    • SHA256

      4eab28bf6548c6a24b13e8bdbda9bbac66a8df97a31c77426e0e46c5503213c8

    • SHA512

      5a8d3d0ba102a23bd6d1b65f7b64a422e88207c98e988c1ea66c92b6533d6854cf1dd08b8daffca1fbf174b10a8b1c7e5684993e99a3788e0e69f40c2a879794

    • SSDEEP

      196608:2TKSzjl6H+jCy7VzIyrzbqGWXcZRJRbUST:2mMCy7j3BOcZBUST

    Score
    8/10
    persistencevmprotect

    • Sets service image path in registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks