General

  • Target

    c31a8d3b14394c36c39e4095d049a3404c835879559467d2a0c58b344104b4be

  • Size

    122KB

  • Sample

    221127-knj2radb89

  • MD5

    a4cd16ba3f51b62eb9ae3ac906a0a217

  • SHA1

    1472576b62096a1efe813d750d9a01b236744ccf

  • SHA256

    c31a8d3b14394c36c39e4095d049a3404c835879559467d2a0c58b344104b4be

  • SHA512

    7d507f4645b23c971ed2230149295852ad9657ac537895f558dfe364ca0304aad2e9bc16f59dfe023eafab802899dce14f493349f1d5cb9c8de0a4d8071bb8fc

  • SSDEEP

    3072:TnDHH47khTSHz4dwqKdM6i4JGpZh37uLjudqz9d0kqC:TDn440zt46i4EruLorkr

Targets

    • Target

      c31a8d3b14394c36c39e4095d049a3404c835879559467d2a0c58b344104b4be

    • Sets DLL path for service in the registry

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence: the sample can decide whether to run based on the victim's configured location.

    • Deletes itself

    • Loads dropped DLL
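
The two behaviours a responder can hunt for after reading this report are the file itself (by hash) and the registry artefact left by "Sets DLL path for service in the registry" together with "Loads dropped DLL": a ServiceDll value pointing at a DLL that does not live in the Windows system directories. The script below is an added example, not part of the sandbox output and not code from the sample. It embeds the MD5/SHA1/SHA256/SHA512 values listed above and matches files against all four at once, and it flags (service, ServiceDll) pairs whose DLL is outside System32/SysWOW64. It assumes a default install at C:\Windows, treats the "outside the system directory" rule as a heuristic rather than a verdict, and takes the registry entries as plain input (collecting them, for example by exporting HKLM\SYSTEM\CurrentControlSet\Services with reg.exe, is left to the operator). SSDEEP matching is not included because it needs the ssdeep library.

```python
"""Triage helper for the indicators in this report.

Added example, not part of the sandbox output or of the sample. It does two
things a responder wants after reading the report:
  1. hashes files and matches them against the MD5/SHA1/SHA256/SHA512 values
     listed above (all four, so a stale or truncated hash is noticed);
  2. flags service ServiceDll registry values that point outside the Windows
     system directories, the artefact left behind by "Sets DLL path for
     service in the registry" and "Loads dropped DLL".
Registry collection is assumed to happen elsewhere; this code only takes
(service name, ServiceDll value) pairs as input.
"""
import hashlib
import os
from typing import Dict, Iterable, List, Tuple

# Digests copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "a4cd16ba3f51b62eb9ae3ac906a0a217",
    "sha1": "1472576b62096a1efe813d750d9a01b236744ccf",
    "sha256": "c31a8d3b14394c36c39e4095d049a3404c835879559467d2a0c58b344104b4be",
    "sha512": (
        "7d507f4645b23c971ed2230149295852ad9657ac537895f558dfe364ca0304aa"
        "d2e9bc16f59dfe023eafab802899dce14f493349f1d5cb9c8de0a4d8071bb8fc"
    ),
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file, computed in one streaming pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests: Dict[str, str],
                        iocs: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Names of the algorithms whose digest equals the IOC value.

    A genuine hit matches all four; a partial match means the IOC list or
    the file is inconsistent and deserves a second look.
    """
    return sorted(name for name, value in digests.items()
                  if iocs.get(name, "").lower() == value.lower())


def sweep_directory(root: str,
                    iocs: Dict[str, str] = REPORT_HASHES) -> List[Tuple[str, List[str]]]:
    """Walk a directory tree and return (path, matched algorithms) per hit."""
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            try:
                matched = matching_algorithms(hash_file(path), iocs)
            except OSError:  # unreadable or vanished file; keep sweeping
                continue
            if matched:
                hits.append((path, matched))
    return hits


# Assumption: default install at C:\Windows. A service DLL loaded from
# anywhere else is worth a look; this is a heuristic, not a verdict.
SYSTEM_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
ENV_PREFIXES = {"%systemroot%": "c:\\windows", "%windir%": "c:\\windows"}


def normalise_dll_path(value: str) -> str:
    """Lower-case, unquote and expand the two environment prefixes services use."""
    path = value.strip().strip('"').lower()
    for var, target in ENV_PREFIXES.items():
        if path.startswith(var):
            path = target + path[len(var):]
    return path


def suspicious_service_dlls(entries: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (service, ServiceDll) pairs whose DLL lives outside the system directories."""
    return [(svc, dll) for svc, dll in entries
            if not normalise_dll_path(dll).startswith(SYSTEM_DLL_DIRS)]


# Constructed registry entries for illustration; not taken from the report.
SAMPLE_SERVICE_DLLS = [
    ("Schedule", r"%SystemRoot%\system32\schedsvc.dll"),
    ("Dnscache", r"%SystemRoot%\System32\dnsrslvr.dll"),
    ("UpdaterSvc", r"C:\ProgramData\Updater\upd.dll"),
    ("WmiHelper", r"C:\Users\Public\wmihlp.dll"),
]

if __name__ == "__main__":
    for svc, dll in suspicious_service_dlls(SAMPLE_SERVICE_DLLS):
        print(f"suspicious ServiceDll: {svc} -> {dll}")
    for path, algos in sweep_directory("."):
        print(f"IOC hit: {path} ({', '.join(algos)})")
```

Run it from the directory to sweep, or import `sweep_directory` and `suspicious_service_dlls` from a collection script. The trailing backslash in the allow-listed directories is deliberate: without it a path such as `C:\Windows\System32evil\x.dll` would pass the prefix check.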

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            ID      Hits
  Persistence       Registry Run Keys / Startup Folder   T1060   1
  Defense Evasion   Modify Registry                      T1112   1
  Discovery         Query Registry                       T1012   1
  Discovery         System Information Discovery         T1082   2

The IDs follow ATT&CK v6, as the report states; in current ATT&CK versions T1060 has been folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), so map it before correlating with other tooling.