General

  • Target

    1cf683ccf1629a7851819eaddc6186b05414e0406fc5e00efe78d588f68a6678

  • Size

    4.5MB

  • Sample

    231209-zsp6wsadhn

  • MD5

    e19ad55ea46ef189e0539bb1c53bff62

  • SHA1

    d7b35ea19c573b4c300fdf247ac6b9018c1d81c7

  • SHA256

    1cf683ccf1629a7851819eaddc6186b05414e0406fc5e00efe78d588f68a6678

  • SHA512

    adfc562cf084322b8683826a75cfaf67b4e23a128e5415554d3c95c3544c9a14f5ed843d0cf46ca81d5688dd00eee86b5eaf01fe38899f02c2f092b96037ee97

  • SSDEEP

    49152:r1aJm5TNIkGI+sjePXBIZHQWjS1c/3YHcX5QZuTtS0rQMYOQ+q8CE9jSn6ri99Kl:5BH1jefGHeSAEWsM0r1QncO90FeOv

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks