General
-
Target
SecuriteInfo.com.Trojan.MulDrop25.25973.30466.10337.exe
-
Size
14KB
-
Sample
240212-ycc1ysch49
-
MD5
a89f5a781a4d5153ca31ed64ce27b379
-
SHA1
1a3732ebede98e63d6e95d8634d11728eca61c29
-
SHA256
edeb7fa25c34426f14f1a4fe13bdcd7b0f3a3d6291e6ca883fe7b9a7503d622d
-
SHA512
acaaefb81e8c4305cf3c400d0066117208bc3b8266ddc0f05013a1bc6426ca7b8e7132ed6469dd7920fdb4b591ae087a9e79b5af7241a52a9242331f1bed2b74
-
SSDEEP
384:dQ8wvUmai/zbM/XygkxOu6cyhLWqYv1fdlSW:djkUHi7blHhyhi9R
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.MulDrop25.25973.30466.10337.exe
-
Size
14KB
-
MD5
a89f5a781a4d5153ca31ed64ce27b379
-
SHA1
1a3732ebede98e63d6e95d8634d11728eca61c29
-
SHA256
edeb7fa25c34426f14f1a4fe13bdcd7b0f3a3d6291e6ca883fe7b9a7503d622d
-
SHA512
acaaefb81e8c4305cf3c400d0066117208bc3b8266ddc0f05013a1bc6426ca7b8e7132ed6469dd7920fdb4b591ae087a9e79b5af7241a52a9242331f1bed2b74
-
SSDEEP
384:dQ8wvUmai/zbM/XygkxOu6cyhLWqYv1fdlSW:djkUHi7blHhyhi9R
Score10/10-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1