General
-
Target
4f98df651b28addad7b1e43b8bb6031a73dfa775b9c1173543f556b878960a06
-
Size
2.1MB
-
Sample
231114-x2pklsgg31
-
MD5
925120ca1f893c2ff3a807aa0b5033f8
-
SHA1
26018f04a3861ac870034b1b416851e84ecd7d50
-
SHA256
4f98df651b28addad7b1e43b8bb6031a73dfa775b9c1173543f556b878960a06
-
SHA512
5cea0aa7c895f85bc598ec7076b7697393e1cb91cb7da6941ee62b33886e14850e4efc21edd156021157d739a8bb76525d125e8db060e71e25cc594afac5ef7e
-
SSDEEP
6144:a3ue8ySm8hQAAIfFrRXuEE+0l97mKwKYqHVCR4486JQPDHDdx/Qtqa:q/zkFF+EExZmKbYuVMVPJQPDHvd
Malware Config
Targets
-
-
Target
4f98df651b28addad7b1e43b8bb6031a73dfa775b9c1173543f556b878960a06
-
Size
2.1MB
-
MD5
925120ca1f893c2ff3a807aa0b5033f8
-
SHA1
26018f04a3861ac870034b1b416851e84ecd7d50
-
SHA256
4f98df651b28addad7b1e43b8bb6031a73dfa775b9c1173543f556b878960a06
-
SHA512
5cea0aa7c895f85bc598ec7076b7697393e1cb91cb7da6941ee62b33886e14850e4efc21edd156021157d739a8bb76525d125e8db060e71e25cc594afac5ef7e
-
SSDEEP
6144:a3ue8ySm8hQAAIfFrRXuEE+0l97mKwKYqHVCR4486JQPDHDdx/Qtqa:q/zkFF+EExZmKbYuVMVPJQPDHvd
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1