User tags
Assigned on submission by the user, not by sandbox detections.
General
-
Target
klkjjk.exe.3
-
Size
3.9MB
-
Sample
240425-gfs3xagc9y
-
MD5
0d28c308c7d3af1f50a24cd98d59adbe
-
SHA1
617eb940a77fffe2e8363f9a11430ebb56b4c988
-
SHA256
f917cbb00490f27691097081db77cc38d0f776d374b2fbd40e4b592eeef578be
-
SHA512
d71da6edef67bc977ac8564f75cc0e8cdd31c0a9b37253017122f522c4d2f1ece5d8a56642dab40e3d8651ad1d1233ba0a27f78a536ddf897ddd392dbebb5ae8
-
SSDEEP
49152:/YQ9p/TMILu3UAJvYIJ7PBJw47zI8gFEtYnEZhNa+uOTapp5pP7eoi:DpgQEZPPT4Yj
Static task
static1
Behavioral task
behavioral1
Sample
klkjjk.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
klkjjk.exe.3
-
Size
3.9MB
-
MD5
0d28c308c7d3af1f50a24cd98d59adbe
-
SHA1
617eb940a77fffe2e8363f9a11430ebb56b4c988
-
SHA256
f917cbb00490f27691097081db77cc38d0f776d374b2fbd40e4b592eeef578be
-
SHA512
d71da6edef67bc977ac8564f75cc0e8cdd31c0a9b37253017122f522c4d2f1ece5d8a56642dab40e3d8651ad1d1233ba0a27f78a536ddf897ddd392dbebb5ae8
-
SSDEEP
49152:/YQ9p/TMILu3UAJvYIJ7PBJw47zI8gFEtYnEZhNa+uOTapp5pP7eoi:DpgQEZPPT4Yj
-
Detect ZGRat V1
-
Looks for VirtualBox Guest Additions in registry
-
XMRig Miner payload
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
6Virtualization/Sandbox Evasion
2