General

  • Target

    a2b74bbf07c32c440a3cb903d871823a618521b9364d73dea7f2a8f5b4cf0bfc

  • Size

    140KB

  • Sample

    221127-qflhhadh9w

  • MD5

    5c37c82ce6248d5eaea227cf174a7220

  • SHA1

    125f1fb1df8fd19150ebb38082c44417f40d256c

  • SHA256

    a2b74bbf07c32c440a3cb903d871823a618521b9364d73dea7f2a8f5b4cf0bfc

  • SHA512

    b06e59993b32cac4703f13bafb22ef56db54e5cb759e2785ea2c6dee55a29be5a898ce97fb73e83a71368f6378f3dd528472bfb1c61ce13d53d1416380066c15

  • SSDEEP

    3072:/b4s/l8iiDXiYukRy9Vd746gh4Z91gCBzTz4y3/UHj7Nzspl+fXo:/B/l0Xi3uyJ7Mhy9dx3s3f4

Targets

    • Sets DLL path for service in the registry

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 3