General
-
Target
Seven.zip
-
Size
1.1MB
-
Sample
240428-kssvfscc5w
-
MD5
49a7d77307ab2bba8251938370dd9e63
-
SHA1
86caa50a203d2cb38d4e1c4b7ed46d3fe93fd9af
-
SHA256
e2a660103b4dd2d5f3b8fc5d14e5229f2c0043535e98e9c7ffddb892244bc639
-
SHA512
d6fea6b665f3a82debadde342e6cc564e39600d68104dcb7f6e0803350aec46b8101f862e7887703699c42c7e0b928e49af8690ee737ab62559565682062d3a4
-
SSDEEP
24576:r2dOzeu6Qiv5i5jW1iqx7flgWdGEFaKs/KdNqzuw8Ql8yPsO:ri3D4UiqDrdGEFaKsydwzDDPD
Static task
static1
Behavioral task
behavioral1
Sample
Seven.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
Seven.dll
-
Size
1.0MB
-
MD5
aef083d33bef7fb43e771cf8a46b004f
-
SHA1
c20d9b1101463d7b189f9e792b85ea4c4e7c0012
-
SHA256
5430b3d3c51697f402c3328658f5b51f3b9e84e5eaadc8a7a1b9b094e31769a9
-
SHA512
26f7f165fb2658ae95af901d5497b76acbff4382b79e57239bbbb7207cf6edc2b56612d3a0a4d976a4273f75349c3126e4307e936b8a4052f166f5da7d145ed7
-
SSDEEP
24576:xAiJqGqEiZ5ux7Wpuqj7NlGWdQCfagITUnLq5AAmu0U:+F5O4uq7xdQCfagIAn25kU
-
Score
1/10
-
Target
Seven.exe
-
Size
139KB
-
MD5
6503f847c3281ff85b304fc674b62580
-
SHA1
947536e0741c085f37557b7328b067ef97cb1a61
-
SHA256
afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
-
SHA512
abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism 1
Bypass User Account Control 1
Create or Modify System Process 1
Windows Service 1