General

  • Target

    VoicemodInstaller_3.7.8-kh11un.exe

  • Size

    126.8MB

  • Sample

    250119-mvplxsvnep

  • MD5

    d71cb8d63a1f99f93638fdd6890c554d

  • SHA1

    8cb8b9e2df38ddf9a9842ab98dea899eac968aa8

  • SHA256

    973bb4a7567f10c67d2b7b0d80ee5511874bd3ee5506efa636428e56591a2f47

  • SHA512

    754471ab64f6178e70707b9646abf4492e4f7f8203c74cd26d6fe3b854a0b9b5511d3ecadeb26b66c59c37720ad59060b3d2469343422c8285ef5bfe77799c27

  • SSDEEP

    3145728:zKsh8BVxjkEmNkRrbuo9CITb0OOQoGPm+bDHQQLCIt16:ztoFNmWlbuuCwbq3+/Q1

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Modifies Windows Firewall

    • Drops file in System32 directory

    • Enumerates processes with tasklist
