General

  • Target

    lfahe1.cab

  • Size

    523KB

  • Sample

    201109-4ry1jth3zn

  • MD5

    4f74df55ff11ae52b59a5ae086593347

  • SHA1

    b0f465a36e86e11ce00756e7e81b679bd9f98c29

  • SHA256

    de342d1a4e8dd15037b9b5e859bb57e2e8db8987957cc232ce545db5610ce0e3

  • SHA512

    4a0bd09d0428a0df5a675d74d2fe40e4c05c74a78bd34dcb1bb5dd23f1da70e0ee2ac0f4de04cb8c19478065835c90b8e9373579c054786c98ef3896d772a3e2

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Valak

      Valak is a JavaScript loader, a link in a chain of distribution of other malware families.

    • Valak JavaScript Loader

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • JavaScript code in executable

MITRE ATT&CK Matrix

Tasks