General

  • Target: d576e0520faa40435d5bdc66304205f9.bin
  • Size: 343KB
  • Sample: 240304-eshrlaad38
  • MD5: d576e0520faa40435d5bdc66304205f9
  • SHA1: b99fce6ebd094e2cbc29e1ed4e47360781e86c47
  • SHA256: 2b6266f14d2ed46e921168fd2b4a5510f40c69cd591800d17ae8ca31fcde28c6
  • SHA512: 6b60a287f3eefbf2c0f2b0f205e88c4ce5a5aad050f59ff5fd1bc8017322039963f51bdd72b0922ec08880ae5da17286c04418c44dd996f0fb7b585f376f4c98
  • SSDEEP: 6144:ab+co0222222222222222222222222222222222222222222222222222222222w:jjkyOZzv4TatsNqaJg

Malware Config

Targets

    • Target: d576e0520faa40435d5bdc66304205f9.bin

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

    • Checks whether UAC is enabled

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks