General

  • Target

    VNXLauncher-Win-32-x86-en_US-1.3.21.1.0322-1.exe

  • Size

    105.8MB

  • Sample

    240930-mkb8vavcma

  • MD5

    c0ef796f13cfade0aea3aed814a37fda

  • SHA1

    085e52da4b9590f5357b72665ee8597ce50a32f2

  • SHA256

    77057bc007a1fbd7987c5c720528511b27265c5f8cd878269110399321fb8a8a

  • SHA512

    0856975fc0740be2eb2ccf759318bbbc4d1e6b0a4760550af98c47011d5ef568bb00e3f10e80e687173935ce5c923123632b09ddb39d02ed1a17bad245dc9169

  • SSDEEP

    1572864:Wvkl5gaKjQYMAyecr0gee0WEo7ik7o8V3o+iuHO3o68VWSsC6i+tpljsv96sf9MV:WvklKHXyb0qoo7iio8V4PcZS5J+Ff3Cb

Targets

    • Target

      VNXLauncher-Win-32-x86-en_US-1.3.21.1.0322-1.exe

    • CryptOne packer

      Detects the CryptOne packer as defined in the NCC Group blog post.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar artifacts.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

MITRE ATT&CK Enterprise v15