General

  • Target: 43562c36ec73a45ebe9e3a6fcb945207222ed3765ad8615d1d07d27b9a3cb718

  • Size: 523KB

  • Sample: 220201-mjzmrachek

  • MD5: 90b5b0f0cc5afcf66b65e1ccd2c9a32d

  • SHA1: 07128a05271af1058c2083a946d49f7ec60e238b

  • SHA256: 43562c36ec73a45ebe9e3a6fcb945207222ed3765ad8615d1d07d27b9a3cb718

  • SHA512: f6a368667079913dd3a60b78f07c63c77a6a36843951decbf6a262becca533f511edc285e13f0a7549bf469c9f6cc6e3120ae821d3403d5da71dd08d79536be7

Malware Config

Targets

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Valak: Valak is a JavaScript loader, a link in a chain of distribution of other malware families.

    • Valak JavaScript Loader

    • Blocklisted process makes network request

    • Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks