General
Target: ka.exe
Size: 1.3MB
Sample: 250201-g2k97avlam
MD5: 2e0827867a5d6d443f13b5734bb34f25
SHA1: abc9c26b88bf37571dcb342a89d6c185dab72062
SHA256: 19e5abfc57e4969d264f332ccfd5d3f66fd288169e96acf40b6268f8e224ba77
SHA512: 0d07a3ad39f143688d032088b970c199cf8015622c75290191c2370c5721204d545ac214cca56d2cf532e61f2550d15606cd389e0457e7480866f4df6f320967
SSDEEP: 24576:WXT4A/dXgFI65Ux5PYgMBLVYyLJDI8kz5/gtY6v/87xaVUhffpE0vwYBb:WXMA1XgF06gGLVYuJDI8kz5YtY6WhfW6
Behavioral task: behavioral1
Sample: ka.exe
Resource: win10ltsc2021-20250128-en
Malware Config
Targets
Target: ka.exe
Score: 8/10
Creates new service(s)
Drops file in Drivers directory
Stops running service(s)
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  System Services (2)
    Service Execution (2)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (2)
    Windows Service (2)