General

  • Target

    5a3ffc6a89772bf529cd4dd8df0ac340db29974f000120ccfab2b2ae267abbb3

  • Size

    122KB

  • Sample

    221127-pqy1xacb4s

  • MD5

    9af7d469610185bfa0d6b4e420339f4e

  • SHA1

    1c51549da0de81a4bca01859323ce8c6d84d5c15

  • SHA256

    5a3ffc6a89772bf529cd4dd8df0ac340db29974f000120ccfab2b2ae267abbb3

  • SHA512

    b499d355ccb783213936a62b19a060a28dc141ddd5b5c0875837b7d13551990fb3368204d518f25834f3305aac7f5673d9cee4bba760853298eb490b155fabaf

  • SSDEEP

    3072:bnDHH47khTSHz4dwqKdM6i4JGpZh37uLjudqz9d0kj:bDn440zt46i4EruLorkj
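Before trusting the behaviour listed below for a file you have obtained elsewhere, confirm it is the same sample. The following script is an added example, not part of the original report: it recomputes the digests listed above and reports which fields disagree. The REPORTED values are copied from this page; SAMPLE_BYTES is a constructed placeholder because the real file is not included here, so as written the check reports a mismatch on every field. SSDEEP is left out because it needs the non-stdlib ssdeep module and is a similarity hash, not an identity check.

```python
"""Verify that a retrieved file matches the digests published in a sandbox report.

Added example; REPORTED is copied from the report above, SAMPLE_BYTES is constructed.
"""
import hashlib

# Size and digests exactly as listed in the report. The size is only given to the
# kilobyte ("122KB"), so it is compared with a tolerance; digests must match exactly.
REPORTED = {
    "size": 122 * 1024,
    "md5": "9af7d469610185bfa0d6b4e420339f4e",
    "sha1": "1c51549da0de81a4bca01859323ce8c6d84d5c15",
    "sha256": "5a3ffc6a89772bf529cd4dd8df0ac340db29974f000120ccfab2b2ae267abbb3",
    "sha512": (
        "b499d355ccb783213936a62b19a060a28dc141ddd5b5c0875837b7d13551990f"
        "b3368204d518f25834f3305aac7f5673d9cee4bba760853298eb490b155fabaf"
    ),
}


def compute_digests(data: bytes) -> dict:
    """Compute the same set of fields the report publishes, keyed like REPORTED."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict, size_tolerance: int = 1024) -> list:
    """Return the names of fields that disagree with `expected`.

    An empty list means `data` is the reported sample. Only the keys present in
    `expected` are checked, so a report that lists fewer digests still works.
    """
    actual = compute_digests(data)
    mismatches = []
    for name, want in expected.items():
        got = actual[name]
        if name == "size":
            if abs(got - int(want)) > size_tolerance:
                mismatches.append(name)
        elif got.lower() != str(want).lower():
            mismatches.append(name)
    return mismatches


# Constructed stand-in for the real file (not included in this report).
SAMPLE_BYTES = b"constructed placeholder, not the real sample"

if __name__ == "__main__":
    bad = verify_sample(SAMPLE_BYTES, REPORTED)
    print("sample matches report" if not bad else "mismatch in: " + ", ".join(bad))
```

Run it against the real file by replacing SAMPLE_BYTES with the file contents; a match on the exact digests is what makes the signatures in this report applicable to the file in front of you, the rounded size alone is not.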

Targets

    • Target

      5a3ffc6a89772bf529cd4dd8df0ac340db29974f000120ccfab2b2ae267abbb3

    • Sets DLL path for service in the registry

      Writes the path of a DLL that a Windows service will load (typically the ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters), giving the dropped code a service-hosted persistence point.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer. Strings and static signatures taken from the 122KB file describe the packer, not the payload; unpacking or dynamic analysis is needed to see the real code.

    • Checks computer location settings

      Looks up the country code configured in the registry (the current user's GeoID, stored under HKCU\Control Panel\International\Geo\Nation), likely a geofence that decides whether to run based on the victim's locale.

    • Deletes itself

      Removes its own executable from disk after running, hindering recovery of the original dropper from an infected host.

    • Loads dropped DLL

      Loads a DLL that it wrote to disk earlier in the same run.
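Three of the behaviours above leave a trace in host telemetry that can be detected without the sandbox. The following script is an added example, not code from the report or the sandbox vendor: it runs simple detection logic over a constructed list of Sysmon-style events. The Sysmon event IDs and field names used are real (7 ImageLoad, 11 FileCreate, 13 RegistryEvent SetValue, 23 FileDelete); the EVENTS trace, process names and paths are made up to resemble what a run of the sample might produce. "Checks computer location settings" is a registry read and is not covered, because Sysmon records registry writes but not queries.

```python
"""Detect "Loads dropped DLL", "Sets DLL path for service in the registry" and
"Deletes itself" in a stream of Sysmon-style events.

Added example; EVENTS is a constructed trace, not real telemetry.
"""
from typing import Dict, List, Tuple

SAMPLE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"   # constructed path
DROPPED = r"C:\Users\victim\AppData\Local\Temp\payload.dll"  # constructed path

# Constructed trace. Field names follow Sysmon's schema for each event ID.
EVENTS: List[Dict[str, str]] = [
    # 11 FileCreate: the sample writes a DLL to disk
    {"id": "11", "Image": SAMPLE, "TargetFilename": DROPPED},
    # 7 ImageLoad: the sample loads the DLL it just wrote
    {"id": "7", "Image": SAMPLE, "ImageLoaded": DROPPED},
    # 13 RegistryEvent SetValue: the dropped DLL is registered as a service's ServiceDll
    {"id": "13", "EventType": "SetValue", "Image": SAMPLE,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\fakesvc\Parameters\ServiceDll",
     "Details": DROPPED},
    # 7 ImageLoad: a benign system load that must not fire
    {"id": "7", "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll"},
    # 23 FileDelete: the sample deletes its own image
    {"id": "23", "Image": SAMPLE, "TargetFilename": SAMPLE},
]


def norm(path: str) -> str:
    """Windows paths and registry keys are case-insensitive; compare them lowercased."""
    return path.lower()


def detect(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (signature, process image, object) tuples for each behaviour seen.

    Events are processed in order, so a DLL counts as "dropped" only if a
    FileCreate for it was seen before the ImageLoad.
    """
    findings: List[Tuple[str, str, str]] = []
    dropped = set()  # files written during this trace
    for ev in events:
        eid = ev["id"]
        if eid == "11":
            dropped.add(norm(ev["TargetFilename"]))
        elif eid == "7":
            if norm(ev["ImageLoaded"]) in dropped:
                findings.append(("Loads dropped DLL", ev["Image"], ev["ImageLoaded"]))
        elif eid == "13" and ev.get("EventType") == "SetValue":
            if norm(ev["TargetObject"]).endswith(r"\parameters\servicedll"):
                findings.append(("Sets DLL path for service in the registry",
                                 ev["Image"], ev["Details"]))
        elif eid == "23":
            if norm(ev["TargetFilename"]) == norm(ev["Image"]):
                findings.append(("Deletes itself", ev["Image"], ev["TargetFilename"]))
    return findings


if __name__ == "__main__":
    for sig, image, obj in detect(EVENTS):
        print(f"{sig}: {image} -> {obj}")
```

The ServiceDll rule on its own will also fire for legitimate service installers; in a real deployment corroborate it with the Details path (a DLL under a user-writable directory such as the one above is far more suspicious than one under System32) or with the other two signatures from the same process.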

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            ID      Signatures
  Persistence       Registry Run Keys / Startup Folder   T1060   1
  Defense Evasion   Modify Registry                      T1112   1
  Discovery         Query Registry                       T1012   1
  Discovery         System Information Discovery         T1082   2

  The Signatures column is the number of matched behaviour signatures mapped to each technique. IDs are from ATT&CK v6; T1060 was retired in later versions and the same behaviour is now T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder).
