General

  • Target

    a35fc395d2ebf4d9a528f0f5049a190e715ad5a6e9c1632891c7da77d671f871

  • Size

    4.6MB

  • Sample

    231205-nkceaabb23

  • MD5

    87548e4481a53eb640c988098ec07507

  • SHA1

    e3eff83280e3adb4a0c3db8179b3f710003076db

  • SHA256

    a35fc395d2ebf4d9a528f0f5049a190e715ad5a6e9c1632891c7da77d671f871

  • SHA512

    485fd1b75e1a7e2bf11276010adfe46cc3a1a77ea4c25ac92a5a3f430940f3a5d2c8cdcf2b98843eccf6ce06e3172398ec4222b89b2cecbb88a046c453ef7864

  • SSDEEP

    98304:rM0Fe0HC9sKtfVRP6fOIG8HOZVnDXDh+AcZS/G1874nCRk:Po0iimt6fxG8icAlk8knCq

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks