General

  • Target

    ElementsAgentInstaller[BYVK-NYU4-DL3R-VZJV-G696].exe

  • Size

    2.0MB

  • Sample

    230613-mhzlcsgc8s

  • MD5

    a51f4e14730c5163e9357bd73e1652cf

  • SHA1

    54017fa7a8458b35911f3dda6003099be0f15010

  • SHA256

    540648ecfe0eabafece03e2406821346ec221517f4d211bbd4b862f7af200842

  • SHA512

    9b2373eb248a96540d3a254f02807c377c3b0a1f4ff4dd20c55966052f6fbe72f72d34f2486e16bd2ca9574489d715246961505e4f15aadeb0cdcac5d88b9596

  • SSDEEP

    49152:f5tChfbOEvz3OR5xutMfkfSsqO6RP4ffkfSsqO6RP4JLCB:fsjOEvz3OifSsqOpEfSsqOp4

Targets

    • Blocklisted process makes network request

    • Modifies RDP port number used by Windows

    • Modifies file permissions

    • Checks for any installed AV software in registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory
