General
- Target: bf7236781c8862d134ca76a8b9b3fd6da909f00cf273911f14b0e35bd1cb85de
- Size: 5.5MB
- Sample: 231114-xva4msfh5x
- MD5: c272ce133eee20b276b452ea1022d2ba
- SHA1: aec968bb84702392cd73591ed2a5d45073405389
- SHA256: bf7236781c8862d134ca76a8b9b3fd6da909f00cf273911f14b0e35bd1cb85de
- SHA512: 090b418563e5df2d4c58092bbf0ecd6cfce7a6623fb7ee9916b1b7152c9ca6c54b375624d9897cb0d9d999fbc15f030f8919cd1b1cb226fc9652094997258063
- SSDEEP: 6144:ch3rzMYXh+02d1r5ZTYnmL6Rbc0i3wANv4hituxp38u0:2rgQmd195KmL6R40igANv4h8u/8
Static task
- static1

Behavioral task
- behavioral1
  - Sample: bf7236781c8862d134ca76a8b9b3fd6da909f00cf273911f14b0e35bd1cb85de.exe
  - Resource: win7-20231020-en

Behavioral task
- behavioral2
  - Sample: bf7236781c8862d134ca76a8b9b3fd6da909f00cf273911f14b0e35bd1cb85de.exe
  - Resource: win10v2004-20231020-en
Malware Config

Targets
- Target: bf7236781c8862d134ca76a8b9b3fd6da909f00cf273911f14b0e35bd1cb85de
- Size: 5.5MB
- MD5: c272ce133eee20b276b452ea1022d2ba
- SHA1: aec968bb84702392cd73591ed2a5d45073405389
- SHA256: bf7236781c8862d134ca76a8b9b3fd6da909f00cf273911f14b0e35bd1cb85de
- SHA512: 090b418563e5df2d4c58092bbf0ecd6cfce7a6623fb7ee9916b1b7152c9ca6c54b375624d9897cb0d9d999fbc15f030f8919cd1b1cb226fc9652094997258063
- SSDEEP: 6144:ch3rzMYXh+02d1r5ZTYnmL6Rbc0i3wANv4hituxp38u0:2rgQmd195KmL6R40igANv4h8u/8
Score: 10/10
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)