General
Target: 57a23c1f468920c8ec393ad8e029d906fb1c8dcf26a83fde132a8919b35cd06b
Size: 181KB
Sample: 221019-sqsqnsdgdj
MD5: 91f6b90fc19be94b62bb3ec2ff60fc30
SHA1: ed92e88998bf8ed11994291fbdcdebf7272249fa
SHA256: 57a23c1f468920c8ec393ad8e029d906fb1c8dcf26a83fde132a8919b35cd06b
SHA512: ac874cbc96dcda332b4bc87b2bde9d81c67300e4aaa6315da45016ac5ff45c40505c98c44311f9ef8c1cbed11d58ac29e34b3d0652a19266348f6715ea8104fc
SSDEEP: 1536:bTRRRRRRRRRRRRRRRRRRRRRRRVjxxxxxxxxxxxxxxxxx96df:bD6F
Static task: static1
Behavioral task: behavioral1
  Sample: 57a23c1f468920c8ec393ad8e029d906fb1c8dcf26a83fde132a8919b35cd06b.vbs
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 57a23c1f468920c8ec393ad8e029d906fb1c8dcf26a83fde132a8919b35cd06b.vbs
  Resource: win10v2004-20220901-en
Malware Config
Targets
Target: 57a23c1f468920c8ec393ad8e029d906fb1c8dcf26a83fde132a8919b35cd06b (181KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
- Modifies visibility of hidden/system files in Explorer
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Modifies Windows Firewall
- Possible privilege escalation attempt
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
- Hidden Files and Directories (3)
- Account Manipulation (1)
- Registry Run Keys / Startup Folder (1)
- Modify Existing Service (1)