General

  • Target

    Kamyroll_1.0.5_x64_en-US.msi

  • Size

    22.6MB

  • Sample

    230109-e1kadsge5z

  • MD5

    12da7fea4ee30276be4b9ad361a003b7

  • SHA1

    2d098dd0c2a683d3e14f73a72fe88012e7347c0a

  • SHA256

    f63d1f23e72a4687b6e6e751a9cadab71830aa678cc21461d0e512b73b2e32ff

  • SHA512

    1b213e3b3898ca70cca680a89815a183678710b1550b4c7167b8f2f817cf0a73c0b07c9901fadae392a915b8b55fe9cb7049ac6541047a14ca9c68fa63bd39eb

  • SSDEEP

    393216:x1z9wvtr9CjOdUprFfa69uxhGcYnwo6qlUk2AxaeuEAvGzn/0vW1giBLWxL2L0:xx9wvtrsjOdgtaMuxhGPPAAkeAvGEW5I

Malware Config

Targets

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6