Resubmissions

28/03/2023, 12:54

230328-p5kf3abb35 10

10/02/2022, 06:54

220210-hn9lasfgel 10

General

  • Target

    v4vcmk.exe

  • Size

    235KB

  • Sample

    230328-p5kf3abb35

  • MD5

    e7a30a6b98068f2c28af36b58c314c6a

  • SHA1

    4a366530e40c4ba0f6df97c8ebce2429aea6cc35

  • SHA256

    fa5e38ff3f546827c5e62db27f12d68bcc4cb30285a329088c54995b2e4ec5d0

  • SHA512

    8e8bff9a8c1976ca5724a8eaec77b81f7d057311021845aa3f72a6573bf25b189e715af3902fef76079e3dd2dcc6cf7ed513f9f8df9cf60c1e23439c990b33e6

  • SSDEEP

    3072:be0LTBeC0bt7ipg9+HaNbVW7MKcvsh/jXo+mo5vCI3nqDEmpl7Z4ovpUsttQ:tTwC0Epg9kIWl4+moESwEmD7Z7hUst2

Malware Config

Targets

    • Target

      v4vcmk.exe

    • Size

      235KB

    • MD5

      e7a30a6b98068f2c28af36b58c314c6a

    • SHA1

      4a366530e40c4ba0f6df97c8ebce2429aea6cc35

    • SHA256

      fa5e38ff3f546827c5e62db27f12d68bcc4cb30285a329088c54995b2e4ec5d0

    • SHA512

      8e8bff9a8c1976ca5724a8eaec77b81f7d057311021845aa3f72a6573bf25b189e715af3902fef76079e3dd2dcc6cf7ed513f9f8df9cf60c1e23439c990b33e6

    • SSDEEP

      3072:be0LTBeC0bt7ipg9+HaNbVW7MKcvsh/jXo+mo5vCI3nqDEmpl7Z4ovpUsttQ:tTwC0Epg9kIWl4+moESwEmD7Z7hUst2

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks