General
-
Target
ElementsAgentInstaller[BYVK-NYU4-DL3R-VZJV-G696].exe
-
Size
2.0MB
-
Sample
230613-mhzlcsgc8s
-
MD5
a51f4e14730c5163e9357bd73e1652cf
-
SHA1
54017fa7a8458b35911f3dda6003099be0f15010
-
SHA256
540648ecfe0eabafece03e2406821346ec221517f4d211bbd4b862f7af200842
-
SHA512
9b2373eb248a96540d3a254f02807c377c3b0a1f4ff4dd20c55966052f6fbe72f72d34f2486e16bd2ca9574489d715246961505e4f15aadeb0cdcac5d88b9596
-
SSDEEP
49152:f5tChfbOEvz3OR5xutMfkfSsqO6RP4ffkfSsqO6RP4JLCB:fsjOEvz3OifSsqOpEfSsqOp4
Static task
static1
Behavioral task
behavioral1
Sample
ElementsAgentInstaller[BYVK-NYU4-DL3R-VZJV-G696].exe
Resource
win10v2004-20230220-es
Malware Config
Targets
-
-
Target
ElementsAgentInstaller[BYVK-NYU4-DL3R-VZJV-G696].exe
Score
8/10
-
Blocklisted process makes network request
-
Modifies RDP port number used by Windows
-
Modifies file permissions
-
Checks for any installed AV software in registry
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-