General

  • Target

    f68d739c1c6980281b3bba0d8fc6fee8

  • Size

    57KB

  • Sample

    231228-ze7tsaffd8

  • MD5

    f68d739c1c6980281b3bba0d8fc6fee8

  • SHA1

    fcf1ba2d0353338dcb32a0e8451f98278787d14b

  • SHA256

    b95587bf4d3256dad302674e2d3ef792571d7649a3d10c7188b90a6a2ad56b80

  • SHA512

    f6f6eca908075b7beb5f3755aea3ce0fceb303d2868d23d84eb458464c623c9afd302901cbce6cfbb5bca8d336d9aaf2058404090f861ea141debe8a82481112

  • SSDEEP

    768:ckjZ1gMwMCMgTEzJYcQZgmLgjdFMmxL88OLC3NkgGN6B9sCPEMiDMbSxwojfiJQ:ckjLwB5iJ8gY8889kgXJjfU

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Modifies WinLogon

    • Drops file in System32 directory
