General
Target: No Escape.bin.zip
Size: 732KB
Sample: 240415-227hmsaf88
MD5: f3e55e13a4dbcdf16c568708dbc5daf6
SHA1: afc199bbef3541dda9799ced051032c4d2069f93
SHA256: 6908369ae28ad684bb27158c62c690621d6ce0785c6368c12fe621d2186c3517
SHA512: c4223a25fabbad921c2f3558fca337d2f8e63e2ed95fce77dd386640beefd26895e8030efb1d4311d2d42d02c181c083ddd6ec7fb3594a36127e5fc7a7277242
SSDEEP: 12288:gA32oGosqfEsYhc6Ts9+o8FC3y7ZOTEn3rhu0/Rn8seAB09ckPq4rH:gAm5DUAJY9BzQcTEn3rhnR8sH0BqyH
Static task: static1
Behavioral task: behavioral1
Sample: No Escape.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: No Escape.bin
Size: 771KB
MD5: 2782877418b44509fd306fd9afe43e39
SHA1: b0c18bdf782ca9c4fa41074f05458ce8e0f3961b
SHA256: 56d612e014504c96bb92429c31eb93f40938015d422b35765912ac4e6bd3755b
SHA512: 8826881b3ab406ee4c1fabd4848161f8524aeaeb7c4397384d36840f947ef95c8560850b2409fbf761ff225cdc8ac6eb875b705476fe9574b23c7a5478505a86
SSDEEP: 24576:OeTrmlZGPL7NV9+VitFsQUxY8BGOdQSqZ:hT6KDrmIFsBJBG4XqZ
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)