General
-
Target
a178083977255560a5e3b886e4f79ce7
-
Size
2.0MB
-
Sample
240224-kznt3sgb3v
-
MD5
a178083977255560a5e3b886e4f79ce7
-
SHA1
9c59fec6a7d2559db0566ef5adc93740dcc67bad
-
SHA256
9da45c1414fde84e01fbe21e66ab691b1201aaa24c72f8575f5dec3f0fbd23b8
-
SHA512
1136f7e5bd5f062fe1249db4d8bddab33f848bb3c901bcde1cdf33f0f7761f104156e5799c64b4e65cf2235d404b1114a246faac5a811b992b222387f80942af
-
SSDEEP
49152:Dtq2uoGFcKkmE7BRCp4u3e3S5y1Shi35U0thsf:Dduo4cKkmISZe371SgJB4
Malware Config
Extracted
http://galaint.coolsecupdate.info/?0=154&1=1&2=1&3=38&4=i&5=9200&6=6&7=2&8=919041&9=1033&10=0&11=0000&12=yvcpifbvek&14=1
Targets
-
-
Target
a178083977255560a5e3b886e4f79ce7
-
Size
2.0MB
-
MD5
a178083977255560a5e3b886e4f79ce7
-
SHA1
9c59fec6a7d2559db0566ef5adc93740dcc67bad
-
SHA256
9da45c1414fde84e01fbe21e66ab691b1201aaa24c72f8575f5dec3f0fbd23b8
-
SHA512
1136f7e5bd5f062fe1249db4d8bddab33f848bb3c901bcde1cdf33f0f7761f104156e5799c64b4e65cf2235d404b1114a246faac5a811b992b222387f80942af
-
SSDEEP
49152:Dtq2uoGFcKkmE7BRCp4u3e3S5y1Shi35U0thsf:Dduo4cKkmISZe371SgJB4
Score10/10-
UAC bypass
-
Disables taskbar notifications via registry modification
-
Sets file execution options in registry
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1