General
-
Target
58f577a621dbd1dc99dde9f7859185ff
-
Size
36KB
-
Sample
240113-rys6qsaher
-
MD5
58f577a621dbd1dc99dde9f7859185ff
-
SHA1
d81935748dc7e171698b1a08f3bcc34abc7dbebf
-
SHA256
b3529c2f24cc7e45eaa53338029c191deda85c7f9dbe1ddcee1ebcd9c26fdb8b
-
SHA512
a9d0ad245616d3e6f397e2082158e93ba68eead7abca2266964bf52656249035f195182e44a03861fa3e2c93c89e5b88d7dc3da753956dae83fd07bcc8cda6d6
-
SSDEEP
384:FNXZO+aWeoKpryEQljYpum4YJ4ys2ZjI2oJ4A/pkvULTMgx91qjh/nP997MjgFor:Fq2JCQm4YmiZ3onx9Ejh/nV2jgejfD
Malware Config
Targets
-
-
Target
58f577a621dbd1dc99dde9f7859185ff
-
Size
36KB
-
MD5
58f577a621dbd1dc99dde9f7859185ff
-
SHA1
d81935748dc7e171698b1a08f3bcc34abc7dbebf
-
SHA256
b3529c2f24cc7e45eaa53338029c191deda85c7f9dbe1ddcee1ebcd9c26fdb8b
-
SHA512
a9d0ad245616d3e6f397e2082158e93ba68eead7abca2266964bf52656249035f195182e44a03861fa3e2c93c89e5b88d7dc3da753956dae83fd07bcc8cda6d6
-
SSDEEP
384:FNXZO+aWeoKpryEQljYpum4YJ4ys2ZjI2oJ4A/pkvULTMgx91qjh/nP997MjgFor:Fq2JCQm4YmiZ3onx9Ejh/nV2jgejfD
Score10/10-
UAC bypass
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1