General
-
Target
powercfg.msi
-
Size
953KB
-
Sample
231012-ctv27sac4w
-
MD5
aa6c669c39d9be8b6289f10daafba6f3
-
SHA1
a7a73bd177b58847f42dae48da443e33482dd337
-
SHA256
c5bf02c8c23dbf8798d87fad91ea44a3153fc1026248bd931f360ba0d6c5989e
-
SHA512
1a7a272e63beda9b887158e8187c5d8a2351b21fdf912951555cf0db9f693a4c92dec4628c9ffe2e535d7fb869e03c12eb236dc8fd21e2118ed1bf193a010e93
-
SSDEEP
24576:m7bYOINVUuD6yS1wGbXpsHzCsa1fLK/hVrA:m7bYO+UuD6ySaGbX+H9at+hVrA
Malware Config
Targets
-
-
Target
powercfg.msi
-
Size
953KB
-
MD5
aa6c669c39d9be8b6289f10daafba6f3
-
SHA1
a7a73bd177b58847f42dae48da443e33482dd337
-
SHA256
c5bf02c8c23dbf8798d87fad91ea44a3153fc1026248bd931f360ba0d6c5989e
-
SHA512
1a7a272e63beda9b887158e8187c5d8a2351b21fdf912951555cf0db9f693a4c92dec4628c9ffe2e535d7fb869e03c12eb236dc8fd21e2118ed1bf193a010e93
-
SSDEEP
24576:m7bYOINVUuD6yS1wGbXpsHzCsa1fLK/hVrA:m7bYO+UuD6ySaGbX+H9at+hVrA
Score10/10-
UAC bypass
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
2Modify Registry
2