General

  • Target

    ff4f8f3ad4cf426a6705f1070107e1b7f7c984178aa23d02db098277d698a16a

  • Size

    274KB

  • Sample

    231204-nreszsah22

  • MD5

    c143ffe41a63c53736db29f1593eb3a8

  • SHA1

    66190d69803da48712c2e535c5462ad901080f46

  • SHA256

    ff4f8f3ad4cf426a6705f1070107e1b7f7c984178aa23d02db098277d698a16a

  • SHA512

    1ac4f2914fa6cff83d9f01406605648316a5947dc779579ad8db4f6b4fced95ab4011046eaae592a6caf7941a707998a59bbc480db9ac1058647de6d8c48ea56

  • SSDEEP

    6144:RbTirrfykiiUjh6QH/cEOkCybEaQRXr9HNdvOa:RPcrfR6ZnOkx2LIa

Score
8/10

Targets

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory
