General

  • Target

    76f996fe94999296ea0d7124b526df392ec565d7cc92c73969ed88f3e61d7e13

  • Size

    274KB

  • Sample

    231206-nklmysec44

  • MD5

    bf985df4ec08934701e58692ceb73507

  • SHA1

    1a21ca68a731ca388204ccac74bc466f47b57297

  • SHA256

    76f996fe94999296ea0d7124b526df392ec565d7cc92c73969ed88f3e61d7e13

  • SHA512

    eb181cce57f0261ca385005b18254639a59096b0d3b8bf7956360c86fecdb97a0c2bd32912db8811430af15829c69cd7daf1b43117095de0cce9495a49440c9d

  • SSDEEP

    6144:DbTirrfykiiUjh6QH/cEOkCybEaQRXr9HNdvOa:DPcrfR6ZnOkx2LIa

Score
8/10

Malware Config

Targets

    Score
    8/10

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks