General
Target: MonkeyVPN1.1.2.exe.vir
Size: 43.2MB
Sample: 240924-hv25ssvekl
MD5: f3696254e6992deccbff25ab0af2ebc8
SHA1: 54ca8798c4e4eb8a455769ab706cc3de7fa1917d
SHA256: ce92f52a6bc1f39cb592766cbf17e5bed63fa59eda5c88a961517ba3da5b49d3
SHA512: fc58762f3436e0c32d57ffdba6f3fc3eeb176a52eed93c41b3c867fd24e5eb431bb46a2e89c375598ae37c83ec726dc74b1a61ee18e5c583e339ad4a3de1e8e7
SSDEEP: 786432:W+ZLhn5jG92pLhIvTIUBEiigLdfKRo8lS1h2a35VdZn33DmzBt/vWJZlZj1SXgfK:WULhn5jGWVIbIUBUsxMlmV3nHnnD6TX5
Malware Config
Targets
Target: MonkeyVPN1.1.2.exe.vir
Signatures
- Detects MeshAgent payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)