General

  • Target

    c4290abc9b05d22cb4112768759acf854f881d08e697528fa2549740f89b9d75.exe

  • Size

    40KB

  • Sample

    240212-fq5zsacg6y

  • MD5

    fcb6adcf738982cca1afdf3710ba489b

  • SHA1

    5b62a4044f9598085ea48d1984d901c85ec88723

  • SHA256

    c4290abc9b05d22cb4112768759acf854f881d08e697528fa2549740f89b9d75

  • SHA512

    40d64e13d0d34efeb1c1c3dc4f3755a393aab85baa2e29f3f9587300d3142d68cc4eb00fe274b2337b4cd1d3a2fa89bdf484fd0c484d36abe2cdd89d26142b4e

  • SSDEEP

    768:Gro0B38UZCob4fgl4zmzU6+8NaL7oRoEOqBEFiRmmY:GJsI0gl4zYQ7aoEOUeiZY

Malware Config

Targets

    • Target

      c4290abc9b05d22cb4112768759acf854f881d08e697528fa2549740f89b9d75.exe

    • Size

      40KB

    • MD5

      fcb6adcf738982cca1afdf3710ba489b

    • SHA1

      5b62a4044f9598085ea48d1984d901c85ec88723

    • SHA256

      c4290abc9b05d22cb4112768759acf854f881d08e697528fa2549740f89b9d75

    • SHA512

      40d64e13d0d34efeb1c1c3dc4f3755a393aab85baa2e29f3f9587300d3142d68cc4eb00fe274b2337b4cd1d3a2fa89bdf484fd0c484d36abe2cdd89d26142b4e

    • SSDEEP

      768:Gro0B38UZCob4fgl4zmzU6+8NaL7oRoEOqBEFiRmmY:GJsI0gl4zYQ7aoEOUeiZY

    • Detects LgoogLoader payload

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

    • UAC bypass

    • Windows security bypass

    • Detects Windows executables bypassing UAC using CMSTP utility, command line and INF

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects executables containing artifacts associated with disabling Windows Defender

    • Detects executables embedding command execution via IExecuteCommand COM object

    • Detects executables potentially checking for WinJail sandbox window

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks