General
Target: NOESCAPEPYTHON.EXE
Size: 25.1MB
Sample: 231121-1zr5hahf2t
MD5: 92615639eff97ae09921c3326a683dba
SHA1: 36e1be8e3f85da6a2522c801b1c3818f14541050
SHA256: 5c63cfba1e1929ecbc2725145f40ab7f5db83524a8cd6ddf05a527ced3d293cb
SHA512: 202b4755759e779c28fa37189b6caf3269e14d0177d4c7a9a24012c6005b2a61e7a1f03ecd46a414f6026b9259cac197bb31786b513a38f54281f8c570a00865
SSDEEP: 786432:VlZ5MxkYajK4Hd/kSJiAkNpNuq7T8fQpW+E/wQFju1vkSPc+:EkfjK49/kSJiAkXNumm2SBF0vl
Static task: static1
Behavioral task: behavioral1
Sample: NOESCAPEPYTHON.exe
Resource: win10v2004-20231020-en
Malware Config
Targets
Score: 9/10
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Blocklisted process makes network request
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence: Account Manipulation (1), Boot or Logon Autostart Execution (2), Registry Run Keys / Startup Folder (2)
Privilege Escalation: Account Manipulation (1), Boot or Logon Autostart Execution (2), Registry Run Keys / Startup Folder (2)