General

  • Target

    MonkeyVPN1.1.2.exe.vir

  • Size

    43.2MB

  • Sample

    240924-hv25ssvekl

  • MD5

    f3696254e6992deccbff25ab0af2ebc8

  • SHA1

    54ca8798c4e4eb8a455769ab706cc3de7fa1917d

  • SHA256

    ce92f52a6bc1f39cb592766cbf17e5bed63fa59eda5c88a961517ba3da5b49d3

  • SHA512

    fc58762f3436e0c32d57ffdba6f3fc3eeb176a52eed93c41b3c867fd24e5eb431bb46a2e89c375598ae37c83ec726dc74b1a61ee18e5c583e339ad4a3de1e8e7

  • SSDEEP

    786432:W+ZLhn5jG92pLhIvTIUBEiigLdfKRo8lS1h2a35VdZn33DmzBt/vWJZlZj1SXgfK:WULhn5jGWVIbIUBUsxMlmV3nHnnD6TX5

Targets

    • Target

      MonkeyVPN1.1.2.exe.vir

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is the open source remote management agent of the MeshCentral project, written in C. Because it gives a remote operator shell, file and desktop access once installed, it is commonly repurposed as a remote access trojan.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that dropped components are not scanned.

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open source UPX packer or with a modified UPX build (renamed sections, altered markers).

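The "Command and Scripting Interpreter: PowerShell" signature above only says that Defender exclusions were added; it does not give the exact command line. The following detection logic is an added example, not part of the sandbox report, and the log lines it scans are constructed here rather than taken from the sample. It parses `Add-MpPreference`/`Set-MpPreference` argument lists the way PowerShell binds them, including abbreviated parameter names, so a string match on the literal `-ExclusionPath` is not the only thing that fires:

```python
"""Flag PowerShell command lines that add Microsoft Defender exclusions.

Added example, not from the sandbox report. SAMPLE_LINES are constructed for
illustration and do not come from the analysed sample. In production this
would run over PowerShell Script Block Logging (Event ID 4104) text or
Sysmon Event ID 1 command lines, after any -EncodedCommand payload has been
base64-decoded.
"""
import re

# Parameters of Add-/Set-MpPreference that carve holes in Defender coverage.
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension",
                    "ExclusionProcess", "ExclusionIpAddress")

# Everything after the cmdlet name is its argument list.
CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b(.*)", re.IGNORECASE)
# The argument list splits at whitespace followed by a -Parameter token.
PARAM_SPLIT_RE = re.compile(r"\s+(?=-[A-Za-z])")


def resolve_param(token):
    """Emulate PowerShell parameter binding: a token binds if it is the full
    parameter name or an unambiguous prefix of exactly one parameter
    (case-insensitive). '-ExclusionPa' binds to ExclusionPath; '-ExclusionP'
    is ambiguous (Path/Process) and PowerShell rejects it, so neither do we."""
    t = token.lower()
    exact = [p for p in EXCLUSION_PARAMS if p.lower() == t]
    if exact:
        return exact[0]
    hits = [p for p in EXCLUSION_PARAMS if p.lower().startswith(t)]
    return hits[0] if len(hits) == 1 else None


def parse_exclusions(line):
    """Return [(parameter, [values])] for Defender exclusion parameters found in
    one command line; [] if the line does not call Add-/Set-MpPreference."""
    m = CMDLET_RE.search(line)
    if not m:
        return []
    found = []
    for chunk in PARAM_SPLIT_RE.split(m.group(1).strip()):
        if not chunk.startswith("-"):
            continue
        parts = chunk[1:].split(None, 1)
        name, raw = parts[0], (parts[1] if len(parts) > 1 else "")
        if ":" in name:                      # -ExclusionPath:value form
            name, raw = name.split(":", 1)
        canon = resolve_param(name)
        if canon is None:
            continue
        raw = raw.strip()
        if raw.startswith("@(") and raw.endswith(")"):   # @('a','b') array literal
            raw = raw[2:-1]
        values = [v.strip().strip("'\"") for v in raw.split(",") if v.strip()]
        found.append((canon, values))
    return found


def detect(lines):
    """Scan command lines; return [(line_no, parameter, values)] alerts."""
    return [(i, p, v) for i, line in enumerate(lines, 1)
            for p, v in parse_exclusions(line)]


# Constructed sample command lines (not from the analysed sample).
SAMPLE_LINES = [
    r'powershell.exe -NoProfile -Command Add-MpPreference -ExclusionPath "C:\Users\Public\svc" -ExclusionExtension exe,dll',
    r'powershell -w hidden "Set-MpPreference -ExclusionPr updater.exe"',
    r'powershell.exe Add-MpPreference -ExclusionP C:\temp',   # ambiguous prefix: rejected, no alert
    r'powershell.exe Get-MpPreference',                        # read-only, no alert
]

if __name__ == "__main__":
    for line_no, param, values in detect(SAMPLE_LINES):
        print(f"line {line_no}: {param} -> {values}")
```

Command-line parsing is only one vantage point: the Defender operational log records the resulting change as Event ID 5007 regardless of how the exclusion was added, and the same `-MpPreference` cmdlets can also disable real-time monitoring and other protections, which this example deliberately leaves out to match the signature text.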
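The "UPX packed file" signature above covers both stock UPX and modified builds. The following PE section-table parser is an added example, not the sandbox's own rule and not code from the UPX project; it shows the three checks a triage script would combine (section names, the `UPX!` marker, and per-section entropy) so that a renamed-section build still gets caught. The PE images it inspects are constructed by `build_pe()` purely as test input and are not the analysed sample:

```python
"""Flag UPX-style packing from a PE image's section table.

Added example, not part of the sandbox report. build_pe() fabricates minimal,
non-runnable PE images as constructed test input; they are not the sample.
"""
import math
import random
import struct

SECTION_HDR = 40  # sizeof(IMAGE_SECTION_HEADER)


def parse_sections(data):
    """Return [(name, raw_offset, raw_size)] for each section of a PE image,
    or None if the headers are malformed or truncated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER follows the signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table follows the optional header.
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HDR
        if off + SECTION_HDR > len(data):
            return None  # section table runs past end of file
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def entropy(buf):
    """Shannon entropy in bits per byte; 0.0 for an empty buffer."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data, entropy_threshold=7.0):
    """Return the list of reasons the image looks UPX-packed ([] if none)."""
    reasons = []
    sections = parse_sections(data)
    if sections is None:
        return reasons
    upx_named = [s[0] for s in sections if s[0].upper().startswith("UPX")]
    if upx_named:
        reasons.append("UPX section names: " + ", ".join(upx_named))
    # Stock UPX writes a "UPX!" magic in the header area and in the trailer;
    # modified builds often rename sections but forget this marker.
    if b"UPX!" in data:
        reasons.append("UPX! magic present")
    # Renamed sections and stripped markers still leave compressed data behind,
    # which shows up as near-maximal entropy in the section that holds it.
    for name, ptr, size in sections:
        chunk = data[ptr:ptr + size]
        if chunk:
            h = entropy(chunk)
            if h >= entropy_threshold:
                reasons.append(f"high-entropy section {name!r} ({h:.2f} bits/byte)")
    return reasons


def build_pe(section_specs):
    """Fabricate a minimal PE image (constructed test input) from [(name, payload)].
    The optional header is zero-filled at the PE32 size of 224 bytes."""
    opt_size, e_lfanew = 224, 0x40
    table = e_lfanew + 24 + opt_size
    data_start = table + len(section_specs) * SECTION_HDR
    hdr = bytearray(data_start)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", hdr, e_lfanew + 4, 0x14C, len(section_specs))  # Machine, NumberOfSections
    struct.pack_into("<H", hdr, e_lfanew + 20, opt_size)
    body = bytearray()
    for i, (name, payload) in enumerate(section_specs):
        off = table + i * SECTION_HDR
        hdr[off:off + 8] = name.encode().ljust(8, b"\0")
        struct.pack_into("<II", hdr, off + 16, len(payload), data_start + len(body))
        body += payload
    return bytes(hdr) + bytes(body)


_rng = random.Random(1)  # deterministic stand-in for compressed data
PACKED = build_pe([("UPX0", b""),
                   ("UPX1", bytes(_rng.getrandbits(8) for _ in range(4096)) + b"UPX!"),
                   (".rsrc", b"\0" * 64)])
PLAIN = build_pe([(".text", b"\x55\x8b\xec" * 64), (".data", b"\0" * 32)])

if __name__ == "__main__":
    print("PACKED:", upx_indicators(PACKED))
    print("PLAIN: ", upx_indicators(PLAIN))
```

Section names alone are the weakest of the three checks, since a modified UPX only has to rename `UPX0`/`UPX1`; the entropy check is what survives that, at the cost of also firing on legitimately compressed or encrypted resources, so treat a lone high-entropy hit as a reason to unpack and look, not as a verdict.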
MITRE ATT&CK Enterprise v15