General
-
Target
44dc942677e75933760dd468f991484daa89de0d4ba93b7564a19c9fe3bd5993
-
Size
320KB
-
Sample
231114-xkyrysef9w
-
MD5
9b861f6866eff9136f10a9c87509ed5b
-
SHA1
151af021a3e1e1425c25df510144d908b07c416b
-
SHA256
44dc942677e75933760dd468f991484daa89de0d4ba93b7564a19c9fe3bd5993
-
SHA512
ee5f0914745b29a76b81f9ffebafe0194f7309982d5dc8b0d60971a4e4dfca35f582b6204171979ce6354900f7169750358858c9d629a2a5a9f510f7690f8920
-
SSDEEP
6144:gTwZo1IV3puaibGKFHi0mofhaH05kipz016580bHFbl86JQPDHDdx/QtqR:uXgvmzFHi0mo5aH0qMzd5807FRPJQPDV
Malware Config
Targets
-
-
Target
44dc942677e75933760dd468f991484daa89de0d4ba93b7564a19c9fe3bd5993
-
Size
320KB
-
MD5
9b861f6866eff9136f10a9c87509ed5b
-
SHA1
151af021a3e1e1425c25df510144d908b07c416b
-
SHA256
44dc942677e75933760dd468f991484daa89de0d4ba93b7564a19c9fe3bd5993
-
SHA512
ee5f0914745b29a76b81f9ffebafe0194f7309982d5dc8b0d60971a4e4dfca35f582b6204171979ce6354900f7169750358858c9d629a2a5a9f510f7690f8920
-
SSDEEP
6144:gTwZo1IV3puaibGKFHi0mofhaH05kipz016580bHFbl86JQPDHDdx/QtqR:uXgvmzFHi0mo5aH0qMzd5807FRPJQPDV
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1