General

  • Target

    cf1109.exe

  • Size

    3.6MB

  • Sample

    231204-ej7pcsgh64

  • MD5

    91815bf91f726daff42fa0d72bb16ba9

  • SHA1

    a2eeef28a9f5b13265d15b4ea67e39aba14c2026

  • SHA256

    0afe2457593ed96468f8acd9027a1f44612afff56ab63864c3f745a40e902e21

  • SHA512

    500e287cd0b54911b18da6242a2f7c8afa04e1500ab86c9fa86068c3cee216e6033768fb67f1d8e68d24be033e49292ee8d016f5fbaf3433be6e17ace1786147

  • SSDEEP

    98304:YtpmbKYUJBi1dAst6Esrf3b6xjM/qcURDE81VZTU0bKt+tVn/ndxr:YfmfG/fr6pKAn1VZT5bTt5fH

Score
7/10

Malware Config

Targets

    • Target

      cf1109.exe

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks