General

  • Target: 98fa07c229dd2f3e4eaaefb3372d5615c0acb728b1edb6e95b46477bbf691f5e
  • Size: 523KB
  • Sample: 220201-lnr8sschd6
  • MD5: 71a761af92d5b98c9fea7a1e723f7fc7
  • SHA1: 551763b0e3eec17666275e76c95d2b4c30703c37
  • SHA256: 98fa07c229dd2f3e4eaaefb3372d5615c0acb728b1edb6e95b46477bbf691f5e
  • SHA512: f16dcb4d6083e141aee3bb9283aff90879f1bb1570c25abc8c4b42753b4c943e385007e8398d05ac9224e57c481d356c6efc7520660807963ff99c9c085aad41

Malware Config

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Valak

      Valak is a JavaScript loader that serves as one link in the distribution chain for other malware families.

    • Valak JavaScript Loader

    • Blocklisted process makes network request

    • Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks