General
-
Target
c31a8d3b14394c36c39e4095d049a3404c835879559467d2a0c58b344104b4be
-
Size
122KB
-
Sample
221127-knj2radb89
-
MD5
a4cd16ba3f51b62eb9ae3ac906a0a217
-
SHA1
1472576b62096a1efe813d750d9a01b236744ccf
-
SHA256
c31a8d3b14394c36c39e4095d049a3404c835879559467d2a0c58b344104b4be
-
SHA512
7d507f4645b23c971ed2230149295852ad9657ac537895f558dfe364ca0304aad2e9bc16f59dfe023eafab802899dce14f493349f1d5cb9c8de0a4d8071bb8fc
-
SSDEEP
3072:TnDHH47khTSHz4dwqKdM6i4JGpZh37uLjudqz9d0kqC:TDn440zt46i4EruLorkr
Malware Config
Targets
-
-
Target
c31a8d3b14394c36c39e4095d049a3404c835879559467d2a0c58b344104b4be
-
Size
122KB
-
MD5
a4cd16ba3f51b62eb9ae3ac906a0a217
-
SHA1
1472576b62096a1efe813d750d9a01b236744ccf
-
SHA256
c31a8d3b14394c36c39e4095d049a3404c835879559467d2a0c58b344104b4be
-
SHA512
7d507f4645b23c971ed2230149295852ad9657ac537895f558dfe364ca0304aad2e9bc16f59dfe023eafab802899dce14f493349f1d5cb9c8de0a4d8071bb8fc
-
SSDEEP
3072:TnDHH47khTSHz4dwqKdM6i4JGpZh37uLjudqz9d0kqC:TDn440zt46i4EruLorkr
Score8/10-
Sets DLL path for service in the registry
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-