General

  • Target

    KerbalSpaceProgram Turkce Yama Kurulumu.exe

  • Size

    67.1MB

  • Sample

    231115-ahw41sha37

  • MD5

    93530a9714f6b721ba45fbf82fb36c4e

  • SHA1

    7fa1dc079004c8acd6d3a2c53ac9fba4dbfb11d5

  • SHA256

    4f1c64f9a718df8014428ebfa1222183700c91b1c7f3a431f66bbcbb357a8574

  • SHA512

    011e81762215bea51bb6b4295d3a8a36bde93c8cc845bab66b3ce7e475eadc19d0de164b0289e0e5c17454cb4a7bb0884a07aa4252d1322679be36a11ef2f234

  • SSDEEP

    1572864:eGlqhpZDckekSjofjyjsUSnSTt2mjN6LIFTtAmriZn0:ZlqzpakSjobmsUQC0mjN6Qbs0

Score
10/10

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks