General

  • Target

    640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6

  • Size

    2.3MB

  • Sample

    221126-1cpe4aae41

  • MD5

    9b0a133907d375fe9660fe1096c16e25

  • SHA1

    483be8832a4d7e5215485869857d4e55a6f02536

  • SHA256

    640b41fd6e2b9d33490ecc0943abf950127803bdca344999702e6714d1afd9c6

  • SHA512

    5e6c71c667af4f8e13868379f30027a18536cdb0ca4353bc7125dd55775210b5a03cdb25cda18c97ba456b75cfe26ed8467e48bb47e44f2347ab671279950bc0

  • SSDEEP

    49152:hc//////ZTIuA0Vt5yEslK/3/fKWFbZXgmp8xm4pvo1irlR/nF/T7DZ4:hc//////jt5yDI/3ntZJ8sKw1ol1F/TW

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 2

    Install Root Certificate (T1130): 1

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 3

Tasks