General

  • Target

    28f95bd89183a54567e70e2d02afc9bdb26f196c79b7e65aefecd30a1cd4ff2e

  • Size

    5MB

  • Sample

    220804-dky8yaabh8

  • MD5

    0fb3f0ee78448aac3542aba6aa9f3bb0

  • SHA1

    fd7577dd6cdcef82108d2c70954c77db12ab3e05

  • SHA256

    28f95bd89183a54567e70e2d02afc9bdb26f196c79b7e65aefecd30a1cd4ff2e

  • SHA512

    ab02e4504f137262930da264ba71ab9ebdd43cfca65c42b3e5964d9914cd306122cdffd28871093cef707924c170394d1f81fed31604986e9d3fe43d2b85efbb

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks