Resubmissions

20-09-2023 08:04

230920-jykwcsha89 8

20-09-2023 08:03

230920-jxtrwaeh7v 8

General

  • Target

    Kerio-Vpnlike-32Bit.exe

  • Size

    9.6MB

  • Sample

    230920-jxtrwaeh7v

  • MD5

    7f4f3492feef2acde222975aa6006f99

  • SHA1

    24e4bc0d49b3b89b4910778d6642052e80ca32ec

  • SHA256

    5a1dc565eea53fe57433dd5e76e093ab20e67cccd0d9fc2ba7a71d2a8f896bb9

  • SHA512

    3e98da1f0654a916dee493c9aacdb293f562f7a7adc18b07662fb4267cb2deb953d9abde608cc9041bf9bd062fd330cc116f0e1910fc298e932bbf71b82b3621

  • SSDEEP

    196608:Mlq+1NKOV3HbOVYt3wHpe0t/jev/cXeEzi7DQPjJf9s:Y7Hd3UeM7e8XeM8UPNfi

Score
8/10

Targets

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
