General

  • Target

    f988031e3278f097698eb15edc6e102b0fcc52e7cb7724956a08b3c707601f4a

  • Size

    1.3MB

  • Sample

    221127-m5dbmsff4v

  • MD5

    65841317c594aa376619d690534a6233

  • SHA1

    75c47ebd0b53c729c32d4f9953bbf9a7beb55865

  • SHA256

    f988031e3278f097698eb15edc6e102b0fcc52e7cb7724956a08b3c707601f4a

  • SHA512

    8317900e5fd64d11b9b08b6de5e6e69fab9c8d25b943d9ba6003a3fb2a27ef78cc7d02087d1dc809669516563182189f5b60831a52c232fbe8dec7349d2c79c4

  • SSDEEP

    24576:GEHiF1rxV4AtyPMAPIqWtWh+s+E01GCIxoIzgokpNUgbXhWE0k7ePByPVYR1D:GhrxHgMuIxtWUsqyjLuXKbPBy+RB

Malware Config

Targets

    • Target

      cfxindong.exe

    • Size

      1.4MB

    • MD5

      2db0597e0fbbf3aab93dea3ca76db883

    • SHA1

      9b431e5d427176fe9bca82464322be3f3a723187

    • SHA256

      b98932763d82836e2de77e3043b1687db27a17ea98fc1532818032d4ea9f2543

    • SHA512

      7cc86eddb9be47dda8bc03197319ba686f46ff765b8bea2260ba308f720d7ccee73dd868b7ee92eb973f3a1a15986039659c09c572cae2cb6477ee01dbf223ca

    • SSDEEP

      24576:YOhS6Gp4FvrTVAoByFq45oMWTSV0Oq20dGIIxocDIukNdl5ThASKYReX5kPTwHH:NndrTtMquojTSCOIOlCTyfX5kUHH

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic            Technique                              Count   ID
    Persistence       Registry Run Keys / Startup Folder     1       T1060
    Defense Evasion   Modify Registry                        2       T1112
    Discovery         System Information Discovery           2       T1082
    Discovery         Query Registry                         1       T1012

Tasks