General
-
Target
NoEscape.exe.zip
-
Size
13.5MB
-
Sample
231001-j17g5shf4y
-
MD5
660708319a500f1865fa9d2fadfa712d
-
SHA1
b2ae3aef17095ab26410e0f1792a379a4a2966f8
-
SHA256
542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c
-
SHA512
18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517
-
SSDEEP
393216:BATeK1bYlJbM9tAlAkRCnG7H+KlzMNCPm5lvvayDPk15DBJ:BoX16blXonYeKdKCPGayDPiJ
Malware Config
Targets
-
-
Target
NoEscape.exe/NoEscape.exe-Latest Version/NoEscape.exe
-
Size
666KB
-
MD5
989ae3d195203b323aa2b3adf04e9833
-
SHA1
31a45521bc672abcf64e50284ca5d4e6b3687dc8
-
SHA256
d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f
-
SHA512
e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305
-
SSDEEP
12288:85J5X487qJUtcWfkVJ6g5s/cD01oKHQyis2AePsr8nP712TB:s487pcZEgwcDpg1L2tbPR2t
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Disables RegEdit via registry modification
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Modifies WinLogon
-
Sets desktop wallpaper using registry
-
-
-
Target
NoEscape.exe/NoEscape.exe-Latest Version/vc_redist.x86.exe
-
Size
13.1MB
-
MD5
1a15e6606bac9647e7ad3caa543377cf
-
SHA1
bfb74e498c44d3a103ca3aa2831763fb417134d1
-
SHA256
fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
-
SHA512
e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd
-
SSDEEP
393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc
Score7/10-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Winlogon Helper DLL
2