General

  • Target

    ec34212811e7ce52e9f74a2b8cb288dadb3a25fa1613a87bb9bea7bed40ba18c

  • Size

    523KB

  • Sample

    220201-ktrnsabgcr

  • MD5

    68234a9e29bd19f4c3d605ae8fbda2df

  • SHA1

    16293ed56b9e4286e4549de48ee97d3962f91cb4

  • SHA256

    ec34212811e7ce52e9f74a2b8cb288dadb3a25fa1613a87bb9bea7bed40ba18c

  • SHA512

    431096a5e61b714c98f72626da0f7841677a8aee4c243ba3c57504bd6bfdb6a2a01e7f783fac642f253c088eb28c9610680f65ae92a0af277dd4bfffc847e45e

Malware Config

Targets

    • Target

      ec34212811e7ce52e9f74a2b8cb288dadb3a25fa1613a87bb9bea7bed40ba18c

    • Size

      523KB

    • MD5

      68234a9e29bd19f4c3d605ae8fbda2df

    • SHA1

      16293ed56b9e4286e4549de48ee97d3962f91cb4

    • SHA256

      ec34212811e7ce52e9f74a2b8cb288dadb3a25fa1613a87bb9bea7bed40ba18c

    • SHA512

      431096a5e61b714c98f72626da0f7841677a8aee4c243ba3c57504bd6bfdb6a2a01e7f783fac642f253c088eb28c9610680f65ae92a0af277dd4bfffc847e45e

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Valak

      Valak is a JavaScript loader, a link in a chain of distribution of other malware families.

    • Valak JavaScript Loader

    • Blocklisted process makes network request

    • Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks