General

  • Target

    Karla-Regular.ttf

  • Size

    16KB

  • Sample

    231127-zm117sch5s

  • MD5

    b923ce07bd8c6d8c02f163460d4428ca

  • SHA1

    81c645a5bb59f327489ed86c48cc18b7f780a0a4

  • SHA256

    907c55a993e35b3ae4f3b8b8c28367f4b6d431df8e9ca6fbd382d8317dd3684e

  • SHA512

    c8ed55f13d89c501c7e87f841bd388512171e6b73bccba01d09f91fada430e9748dcf9a6cf9314c909ba487caa3bf5918269760bd4614d4ccc22983a281f1fb5

  • SSDEEP

    384:jHHlG5+EwI3nLyvkl5goc26IIbWl0LF7BDtmlCR17NJM:jnAcELyvkP16IIbWl0LdmlCR1bM

Score
8/10

Targets

    • Target

      Karla-Regular.ttf

    • Downloads MZ/PE file

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2
