General
-
Target
NO-ESCAPE
-
Size
238KB
-
Sample
240425-lydhdshf28
-
MD5
52a3b970fc646b36172fd8e3711e493c
-
SHA1
14a974bc3ac68df8b77b15dc1d02d47c698c99ab
-
SHA256
7c8bdbdb438ced23ff4aa760f7c2bf82586fd7fa28aad00179bfcbb5d38f2ad4
-
SHA512
6dc6bfade123c950acb3d10edd4d978c56ca9593114ff7d770612b23ec05335f852b67cc043fe62a4d341fa0755c562b8b7fceb1a0affba7d1f49e600b0518a0
-
SSDEEP
6144:jwQhiVSgE29xxskm0nayRo3y9ZvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi0ZbtF:sQhiVSgE29xxskm0nayRo3y9ZvZJT3CT
Malware Config
Targets
-
-
Target
NO-ESCAPE
-
Size
238KB
-
MD5
52a3b970fc646b36172fd8e3711e493c
-
SHA1
14a974bc3ac68df8b77b15dc1d02d47c698c99ab
-
SHA256
7c8bdbdb438ced23ff4aa760f7c2bf82586fd7fa28aad00179bfcbb5d38f2ad4
-
SHA512
6dc6bfade123c950acb3d10edd4d978c56ca9593114ff7d770612b23ec05335f852b67cc043fe62a4d341fa0755c562b8b7fceb1a0affba7d1f49e600b0518a0
-
SSDEEP
6144:jwQhiVSgE29xxskm0nayRo3y9ZvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi0ZbtF:sQhiVSgE29xxskm0nayRo3y9ZvZJT3CT
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Disables RegEdit via registry modification
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1