fa5e38ff3f546827c5e62db27f12d68bcc4cb30285a329088c54995b2e4ec5d0 | Triage

Submit
Reports

Overview

overview

Static

static

v4vcmk.exe

windows7_x64

v4vcmk.exe

windows10-2004_x64

Resubmissions

28-03-2023 12:54

230328-p5kf3abb35 10

10-02-2022 06:54

220210-hn9lasfgel 10

Sharing

General

Target

v4vcmk.exe
Size

235KB
Sample

220210-hn9lasfgel
MD5

e7a30a6b98068f2c28af36b58c314c6a
SHA1

4a366530e40c4ba0f6df97c8ebce2429aea6cc35
SHA256

fa5e38ff3f546827c5e62db27f12d68bcc4cb30285a329088c54995b2e4ec5d0
SHA512

8e8bff9a8c1976ca5724a8eaec77b81f7d057311021845aa3f72a6573bf25b189e715af3902fef76079e3dd2dcc6cf7ed513f9f8df9cf60c1e23439c990b33e6

Score

10^/10

evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

v4vcmk.exe

Resource

win7-en-20211208

evasion persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

v4vcmk.exe

Resource

win10v2004-en-20220113

evasion persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  v4vcmk.exe
- Size
  
  235KB
- MD5
  
  e7a30a6b98068f2c28af36b58c314c6a
- SHA1
  
  4a366530e40c4ba0f6df97c8ebce2429aea6cc35
- SHA256
  
  fa5e38ff3f546827c5e62db27f12d68bcc4cb30285a329088c54995b2e4ec5d0
- SHA512
  
  8e8bff9a8c1976ca5724a8eaec77b81f7d057311021845aa3f72a6573bf25b189e715af3902fef76079e3dd2dcc6cf7ed513f9f8df9cf60c1e23439c990b33e6
Score

10^/10

evasion persistence spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  evasion
- Suspicious use of NtCreateProcessExOtherParentProcess
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojan

behavioral2

evasionpersistencetrojan

© 2018-2024

Terms | Privacy