General

  • Target

    cdd8b75974c7b6fe22e6bd04f4be35af3903d45122ef1d1f781fa651804f46ee

  • Size

    523KB

  • Sample

    220201-k6xqkaceh6

  • MD5

    00aad078cd77944931451c36de4fbd54

  • SHA1

    547e0e7ed464ce0bf07e1b5f5dc7e8666d3ffb5c

  • SHA256

    cdd8b75974c7b6fe22e6bd04f4be35af3903d45122ef1d1f781fa651804f46ee

  • SHA512

    5c66baae3a2c03ac1e4e60eb184b14b5a1ff4105225320dd4e2f0c0ea0cd521a3e0dd9c70add4f91aa8c2b018faa543ed3d4224ee9b0106fe7efe51f2a3630c1

Malware Config

Targets

    • Target

      cdd8b75974c7b6fe22e6bd04f4be35af3903d45122ef1d1f781fa651804f46ee

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Valak

      Valak is a JavaScript loader, a link in a chain of distribution of other malware families.

    • Valak JavaScript Loader

    • Blocklisted process makes network request

    • Sets service image path in registry
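
The three behavioural signatures above (process created under a parent other than the caller, a scripting host making an outbound connection, and a service ImagePath written to the registry) are the kind of checks a detection engineer would want to reproduce over their own telemetry. The following Python is an added example and is not the sandbox's own signature code: the event shape (`type`, `pid`, `image`, `caller_pid`, `parent_pid`, `key`, `value`, `dst`), the sample events, and the contents of `BLOCKLISTED_IMAGES` are all assumptions made for illustration, not data taken from this report.

```python
"""Added example: re-implementing three sandbox behaviour signatures over
constructed process/network/registry telemetry. Not the sandbox's own code.

Assumed event shape (a simplified API/ETW trace):
  process : pid, image, caller_pid (who called the create API), parent_pid
            (the parent the new process was given)
  network : pid, image, dst
  registry: pid, image, op, key, value
"""
import re

# Scripting/LOLBin hosts whose outbound traffic is worth flagging. This list is
# an assumption for the example; the sandbox's real blocklist is not on the page.
BLOCKLISTED_IMAGES = {
    "wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe",
    "rundll32.exe", "powershell.exe",
}

# Service binaries live under HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)

# Constructed sample telemetry (values invented for the example).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "image": r"C:\Windows\System32\wscript.exe",
     "caller_pid": 2600, "parent_pid": 2600},              # explorer runs the .js
    {"type": "network", "pid": 4120, "image": r"C:\Windows\System32\wscript.exe",
     "dst": "203.0.113.10:443"},                           # script host beacons out
    {"type": "registry", "pid": 4120, "image": r"C:\Windows\System32\wscript.exe",
     "op": "SetValue",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\UpdSvc\ImagePath",
     "value": r"C:\Users\Public\upd.exe"},                 # persistence via service
    {"type": "process", "pid": 5008, "image": r"C:\Users\Public\upd.exe",
     "caller_pid": 4120, "parent_pid": 900},               # parent != caller (PPID spoof)
    {"type": "process", "pid": 5100, "image": r"C:\Windows\System32\notepad.exe",
     "caller_pid": 2600, "parent_pid": 2600},              # benign control case
]


def basename(path):
    """Last path component, lower-cased, so image matching is case-insensitive."""
    return path.rsplit("\\", 1)[-1].lower()


def other_parent_process(events):
    """NtCreateProcessEx/PROC_THREAD_ATTRIBUTE_PARENT_PROCESS style spoofing:
    the process that issued the create call is not the parent recorded for the
    new process."""
    return [e for e in events
            if e["type"] == "process" and e["caller_pid"] != e["parent_pid"]]


def blocklisted_network(events):
    """A blocklisted (script/LOLBin) host making any outbound connection."""
    return [e for e in events
            if e["type"] == "network" and basename(e["image"]) in BLOCKLISTED_IMAGES]


def service_image_path_set(events):
    """A write to any service's ImagePath value; only SetValue counts, reads
    and writes to other service values (Start, Type, ...) do not."""
    return [e for e in events
            if e["type"] == "registry" and e.get("op") == "SetValue"
            and SERVICE_IMAGEPATH.match(e["key"])]


def run_checks(events):
    """Map each signature name from the report to the events that triggered it."""
    return {
        "Suspicious use of NtCreateProcessExOtherParentProcess": other_parent_process(events),
        "Blocklisted process makes network request": blocklisted_network(events),
        "Sets service image path in registry": service_image_path_set(events),
    }


if __name__ == "__main__":
    for name, hits in run_checks(SAMPLE_EVENTS).items():
        print(f"{name}: {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
```

The parent-spoofing check only works if the trace records who made the create call separately from the parent the OS assigned; a plain Sysmon Event ID 1 shows the spoofed parent only, so on a real host this needs a second source (an API hook or the kernel-process ETW creator field) to compare against.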

MITRE ATT&CK Enterprise v6

Tasks