General

  • Target

    KMS_Suite.v9.5.EN.bat

  • Size

    348KB

  • Sample

    240214-vamwlagh23

  • MD5

    af73bf925361348072469cff78890a4b

  • SHA1

    dca20e41242d9398f474babb80c971e5fc27de69

  • SHA256

    cc331c94fd9e4584f405bd6b03fb99ecfbb5293017293fc0a37a9b1737d31722

  • SHA512

    6c7966852db9921338e6770b07190033ac1fb88035024388c8717c4d080e64587baffbbd99b6ac3657beec59d5ec8685acb4349953d92801a65089eb25253032

  • SSDEEP

    6144:zaGyPc7/Tg7jc4zlw6PhVMt1pOb4RKsFx+GXtO9l0X0dgJ/pGntI/:zaXEDTg84z5pVM9O0lgz70kd0pEE

Targets

    • Target

      KMS_Suite.v9.5.EN.bat

    • Blocklisted process makes network request

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory
