General
-
Target
969b2dabe6080bc2da7236a0d455ced7
-
Size
480KB
-
Sample
240212-h86p5sfe8s
-
MD5
969b2dabe6080bc2da7236a0d455ced7
-
SHA1
f2b4c9c70bbb5e11ec823846ad88a20c235775cd
-
SHA256
4e7ae8c1b57d2178d7014c18b11a0d9ff1444f07d513ea8fdfa5af7a11f02873
-
SHA512
1218dab072f3144304196c98f1b3c0494448929b8e6be35d5db88ef3dee0d0c12191f8cf3c94d8287195cde1af9a2a910a230d2e96f987e196e34ba00ae247c0
-
SSDEEP
6144:Kjg5pk1GS0xX3lPtbNN/DNRgkpiZzjhDQ0oeGF91YVusYJx+9sisyYpFTOOzHTvP:Kg5pBHxXptbN5ZRgOiBjw/C0AWzFjPvP
Malware Config
Targets
-
-
Target
969b2dabe6080bc2da7236a0d455ced7
-
Size
480KB
-
MD5
969b2dabe6080bc2da7236a0d455ced7
-
SHA1
f2b4c9c70bbb5e11ec823846ad88a20c235775cd
-
SHA256
4e7ae8c1b57d2178d7014c18b11a0d9ff1444f07d513ea8fdfa5af7a11f02873
-
SHA512
1218dab072f3144304196c98f1b3c0494448929b8e6be35d5db88ef3dee0d0c12191f8cf3c94d8287195cde1af9a2a910a230d2e96f987e196e34ba00ae247c0
-
SSDEEP
6144:Kjg5pk1GS0xX3lPtbNN/DNRgkpiZzjhDQ0oeGF91YVusYJx+9sisyYpFTOOzHTvP:Kg5pBHxXptbN5ZRgOiBjw/C0AWzFjPvP
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1