General
  Target: Telesetup.msi
  Size: 90.9 MB
  Sample: 230823-d673zahd77
  MD5: b5c67913c8b2b41ca23b7cdda9c77d5d
  SHA1: 4cc23470dd88f05b71677839e577c45ecf115b03
  SHA256: 4222303a43daea00b3cb9515dcb48b60d71a28152da00de9747e9eea850b2da1
  SHA512: bd555dc2aeb10a1e31c5f745b0cc126d25e9a46b38d4486cc540b55e2bb78ab13987d1747157606eed965b9d569e617bcab0b718053d7e36128e440565932b1c
  SSDEEP: 1572864:tCKawy0JEFm4X+8fXIA9nd+ckiMos0ZhnRfJcnKlujuDZbrkXI90K8geit54ALJ4:tCKRl18vFnx7DPZhngnKlujwbY49z1yI

Static task: static1
Malware Config

Targets
  Target: Telesetup.msi
  Size: 90.9 MB
  Signatures:
  - Modifies Windows Firewall
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Drops file in System32 directory
MITRE ATT&CK Enterprise v15
  Privilege Escalation
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Create or Modify System Process (1)
      Windows Service (1)
  Defense Evasion
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Impair Defenses (1)
      Disable or Modify Tools (1)
    Modify Registry (1)