General
- Target: ab72be0af08ad2f2f022549212fc0c2794e4ac133b7898709585622cc7c63273
- Size: 3.9MB
- Sample: 231116-lnz9eaba9z
- MD5: 661937a186ac9a9ec9b6a9f62ea5f7b6
- SHA1: de8fba525c952d009aa70a14c1ff833b45923a6d
- SHA256: ab72be0af08ad2f2f022549212fc0c2794e4ac133b7898709585622cc7c63273
- SHA512: b9e1b57c7d31d2f7be4d032b9951e0e05f1f47021a515b510bcfa255a4b4cbec1ef10e1dd79bb9846ac60e85070b8d20e6f81bf834db803b38eec5fdcfb5e685
- SSDEEP: 98304:K1X29SacJCl3Bw95kLLvE5Qb54Q1CgUi+LSOs0r4j:K1ySzJk3Bw9YvE+b6s2J0H
Behavioral task
behavioral1
- Sample: ab72be0af08ad2f2f022549212fc0c2794e4ac133b7898709585622cc7c63273.exe
- Resource: win7-20231020-en
Malware Config
Targets
- Target: ab72be0af08ad2f2f022549212fc0c2794e4ac133b7898709585622cc7c63273
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Modifies RDP port number used by Windows
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (1)