General

  • Target

    Valerie Installation.exe

  • Size

    63.0MB

  • Sample

    201123-x78b7vbp8n

  • MD5

    281cc8d716c551b4897ffe9a4caad106

  • SHA1

    db97ccf50d9679fd7f5e5f084aa0ca9a9b7504e5

  • SHA256

    51248880da0996411594216f9a35677da5c5d294d7e1d100c610587c3bbe3fdc

  • SHA512

    c8c6e44175d0862b296f3ca745db606f8d6e9d5d1f6181725e17fb1227957e16a0b220e6b2d40a135aca04a654e8431dee0fed722285daa629ab037642ab05ab

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • JavaScript code in executable

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence
    Registry Run Keys / Startup Folder    1    T1060

Defense Evasion
    Modify Registry                       2    T1112
    Install Root Certificate              1    T1130

Discovery
    Query Registry                        2    T1012
    System Information Discovery          1    T1082

Tasks