General
-
Target
Seven.zip
-
Size
1.1MB
-
Sample
240428-km1ywacb5z
-
MD5
00597ff0e5189386eced0f7f80f75740
-
SHA1
630637f4e6642f0a329771ea687a4bbf0387b786
-
SHA256
7a629fc7f59086081ad144864b904dec1d74465040e00b15064b7c3a116dcb57
-
SHA512
7ba444c8a64280f26471d0fa7d0ce5163d58ffa9d42145c0b5070e97dd2786463f806578f8b488c75d6f4838231f6597bcbab2cc07735e4ac31f113293156d3e
-
SSDEEP
24576:rwlcVsTOlMiL5u84WZAqX/Vlgkd4JjEs3NL+FTikmsNs4H+3h:rWTOlzo4Aq7Fd4tEsdLQTdsE+R
Malware Config
Targets
-
-
Target
Seven.dll
-
Size
1.0MB
-
MD5
2012fe7781aa318a40a281515124d7ec
-
SHA1
74fa077a1ef0559e7a66f255257af313154765fe
-
SHA256
ae416ce6e95bbe4557d6e6101aad98b44993646fca90d38d284100fd89113b3e
-
SHA512
ce62d90422f7c2a1248ed9deb34df89af3aa5d91accc4494c1835ee5527984d3722a5cc65a93154a3907a1678573b016fb8cb4c5f8a2ed066ee0b0c8d06cd938
-
SSDEEP
24576:nAiJp30zOil50E0Wb8qj/Jlikdud9yadXv0FRAmm6xs:b30zP2+8qDHduDya9vKRvs
Score1/10 -
-
-
Target
Seven.exe
-
Size
139KB
-
MD5
6503f847c3281ff85b304fc674b62580
-
SHA1
947536e0741c085f37557b7328b067ef97cb1a61
-
SHA256
afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
-
SHA512
abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
UAC bypass
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1