General
- Target: sample
- Size: 19KB
- Sample: 240429-w4232shd98
- MD5: 155383b1a549d9cf7f894c2fb8e7f02c
- SHA1: db8478f15c56734fd38a307a7018ee9836db0bb4
- SHA256: d8c74c6c5039fb5067b95a56e8ebcd9af7abcb3198440adb2e01ee44e94a879d
- SHA512: 2d22d66a5214e7f7715a3a3ab6f032c3f86820c11f1654a89a8ee41fdf8bc580388f64e59b8460e8e9414a3f7c33c9da81007de10b8664ca61c7810e075a5cd9
- SSDEEP: 384:rEDpmReVoOs4mi9ylKeGM8U8Hhhbsv27JS2LjMrSY+RVJCBXQL:rEBVoOs4mmyI1M2BhbGoxMrSBJQQL
Static task: static1
Behavioral task: behavioral1
- Sample: sample.html
- Resource: win10-20240404-en
Malware Config
Targets
- Target: sample (19KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
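The signature list above names three registry-based behaviours (Task Manager disabled, a Run key added, the wallpaper changed) but, as is usual for a sandbox summary, does not record the exact values written. The script below is an added host-triage check and is not part of the Triage report or of the sample: it inspects the standard Windows locations those signatures normally refer to (the DisableTaskMgr policy value, the Run/RunOnce keys in both hives, and the Wallpaper values under Control Panel\Desktop and the desktop policy key) and additionally lists recently written executables in user-writable directories, which is where a dropped EXE from a "Downloads MZ/PE file" chain typically lands. The key paths, the "user-writable path" heuristic and the 24-hour window are assumptions chosen for illustration, not indicators recovered from this sample.

```powershell
# Added host-triage check for the behaviours listed in the report above.
# Assumptions (not from the report): the standard registry locations below,
# the user-writable-path heuristic and the 24-hour lookback window.
$findings = @()
function Add-Finding([string]$Check, [string]$Location, [string]$Value, [bool]$Suspicious) {
    $script:findings += [pscustomobject]@{
        Check = $Check; Location = $Location; Value = $Value; Suspicious = $Suspicious
    }
}

# 1. "Disables Task Manager via registry modification": DisableTaskMgr policy value (HKCU or HKLM).
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $v = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($v -and $v.DisableTaskMgr -eq 1) {
        Add-Finding 'DisableTaskMgr' "$key\DisableTaskMgr" '1' $true
    }
}

# 2. "Adds Run key to start application": enumerate Run/RunOnce entries and flag
#    commands that point into user-writable directories (assumed heuristic).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$userWritable = '(?i)\\(AppData|Temp|Users\\Public|ProgramData)\\'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSDrive/... metadata
        $cmd = [string]$p.Value
        Add-Finding 'RunKey' "$key\$($p.Name)" $cmd ($cmd -match $userWritable)
    }
}

# 3. "Sets desktop wallpaper using registry": current wallpaper and the policy
#    value that can pin it. A wallpaper in a user-writable path is flagged.
$wp = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue
if ($wp) {
    Add-Finding 'Wallpaper' 'HKCU:\Control Panel\Desktop\Wallpaper' $wp.Wallpaper ($wp.Wallpaper -match $userWritable)
}
$wpPolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$wpPol = Get-ItemProperty -Path $wpPolicyKey -Name Wallpaper -ErrorAction SilentlyContinue
if ($wpPol) {
    Add-Finding 'WallpaperPolicy' "$wpPolicyKey\Wallpaper" $wpPol.Wallpaper $true
}

# 4. "Downloads MZ/PE file" / "Executes dropped EXE": recently written executables
#    in the directories a browser-delivered dropper usually writes to (assumed window: 24h).
$since = (Get-Date).AddHours(-24)
$dropDirs = @($env:TEMP, "$env:LOCALAPPDATA", "$env:APPDATA", "$env:USERPROFILE\Downloads", "$env:PUBLIC")
foreach ($dir in $dropDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -File -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        ForEach-Object { Add-Finding 'RecentPE' $_.FullName $_.LastWriteTime.ToString('s') $true }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in an elevated PowerShell on the host being triaged; reading HKLM needs no elevation, but some of the drop directories of other users do. A populated DisableTaskMgr, a Run entry or wallpaper path under AppData/Temp, or a fresh PE in those directories is worth correlating with the sandbox timeline before deciding the host is clean.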
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)