General

  • Target

    af6a6af58650a9d373f18ac7cb92619455963fd7743dc8e74aa7c6b26d278aee

  • Size

    94KB

  • Sample

    241117-kanssavmbv

  • MD5

    0b97ed69e5f469d01db15d0d0112a908

  • SHA1

    85cc1384b80f29b3857e7b461c8a58f95bf728f4

  • SHA256

    af6a6af58650a9d373f18ac7cb92619455963fd7743dc8e74aa7c6b26d278aee

  • SHA512

    7e8c7588c5e6b517223dcabbc23c600d5fb9a9fc43e96ddd9bf40d0a08df820ad1eacdc275799aa5d933f9521dc15dfaf3d2a81c09362f3b3484c3f629a41829

  • SSDEEP

    1536:PGYU/W2/HG6QMauSV3ixJHABLrmhH7i9CO+WHg7zRZICrWaGZh7Q:PfU/WF6QMauSuiWNi9CO+WARJrWNZW

Malware Config

Targets

    • Target

      af6a6af58650a9d373f18ac7cb92619455963fd7743dc8e74aa7c6b26d278aee

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks