General
Target: SecuriteInfo.com.Win64.PWSX-gen.17352.24153
Size: 739KB
Sample: 240501-twlpzsba8x
MD5: 120f43da8f3b2b7f24d2b509d197a885
SHA1: bb27a97f1c6e012b470e5035821bdad604037267
SHA256: ebe535e02ec19a129be4434bfa18f1fceed895db2befd06ec711594f44481990
SHA512: 66bc3a9c4b4e115bbd9df2f6b0c8eef539e0cb2bc36042785dacbb24b0dccd6b66c00e647a71e8c8a9e5c2913b17f1527b689afb77a305d48164745f74457f7b
SSDEEP: 12288:c5lgDBfevt7xVz/0yM5XxNfLG4KDGEoZ/ifs76cFaaxS3/KTX9xnOEp:eKDBfevlfz/0yMrNfa4WLVcw2S3sTTp
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win64.PWSX-gen.17352.exe
Resource: win7-20240221-en
Malware Config: (none listed)
Targets
Target: SecuriteInfo.com.Win64.PWSX-gen.17352.24153
Score: 10/10
Signatures
Adds policy Run key to start application: writes an autostart entry under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. This key is honoured at logon like the ordinary Run key but is less commonly inspected, so persistence checks that only enumerate CurrentVersion\Run will miss it.
Checks computer location settings: looks up the country code configured in the registry (Control Panel\International\Geo, value Nation), likely a geofence so the payload stays dormant in regions the operator wants to avoid.
Uses the VBS compiler for execution: spawns vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, and runs code inside that Microsoft-signed process rather than in its own image.
Suspicious use of SetThreadContext: rewrites the context of a thread in another process. Taken together with the spawned compiler, this is consistent with process hollowing (create the child suspended, replace its image, point the entry register at the payload, resume); a process adjusting its own threads would not be flagged.
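The four signatures above are raised from API and registry events recorded during the behavioral task. As an added example that is not part of the sandbox report, the following script shows the detection logic a triage tool would apply to such a trace, run over a constructed event stream. The registry locations, the vbc.exe image path and the event field names are assumptions drawn from the signature names, not values the report lists.

```python
"""Map sandbox API/registry events onto the four behavioural signatures in this report.

Added example, not part of the sandbox report. The event records below are
constructed to illustrate the pattern; the registry locations are the well-known
keys each signature name refers to (an assumption, not something the report lists).
"""
import re
from collections import defaultdict

# Well-known locations behind each signature (assumed from the signature names).
POLICY_RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
VBC_IMAGE = re.compile(r"\\vbc\.exe$", re.I)
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used when spawning a hollowing host

SIG_POLICY_RUN = "Adds policy Run key to start application"
SIG_GEO = "Checks computer location settings"
SIG_VBC = "Uses the VBS compiler for execution"
SIG_SETCTX = "Suspicious use of SetThreadContext"


def classify(events):
    """Return {signature: [evidence, ...]} for the events that match.

    SetThreadContext only counts when it targets a *different* process that the
    caller created suspended: that is the process-hollowing shape, whereas a
    process adjusting its own threads is routine and must not fire."""
    hits = defaultdict(list)
    suspended_children = {}  # child pid -> image path, for the cross-process check
    for ev in events:
        api = ev["api"]
        if api == "RegSetValueExW" and POLICY_RUN_KEY.search(ev["key"]):
            hits[SIG_POLICY_RUN].append(
                f"pid {ev['pid']} set {ev['key']}\\{ev['value']} = {ev['data']}")
        elif (api == "RegQueryValueExW" and GEO_KEY.search(ev["key"])
              and ev["value"].lower() == "nation"):
            hits[SIG_GEO].append(f"pid {ev['pid']} read {ev['key']}\\Nation")
        elif api == "CreateProcessW":
            if VBC_IMAGE.search(ev["image"]):
                hits[SIG_VBC].append(
                    f"pid {ev['pid']} spawned {ev['image']} as pid {ev['child_pid']}")
            if ev["flags"] & CREATE_SUSPENDED:
                suspended_children[ev["child_pid"]] = ev["image"]
        elif api == "SetThreadContext":
            target = ev["target_pid"]
            if target != ev["pid"] and target in suspended_children:
                hits[SIG_SETCTX].append(
                    f"pid {ev['pid']} rewrote a thread context in suspended pid {target} "
                    f"({suspended_children[target]})")
    return dict(hits)


# Constructed event stream in the order a hollowing loader would produce it.
# Not taken from the report; paths and pids are illustrative.
SAMPLE_EVENTS = [
    # Geofence lookup before doing anything noisy.
    {"pid": 1000, "api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    # Unrelated locale read: same hive area, must not match the geo signature.
    {"pid": 1000, "api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International", "value": "LocaleName"},
    # Persistence via the Policies\Explorer\Run key.
    {"pid": 1000, "api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "value": "updater", "data": r"C:\Users\Public\updater.exe"},
    # Ordinary Run key: persistence too, but a different signature covers it.
    {"pid": 1000, "api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\Public\updater.exe"},
    # vbc.exe spawned suspended, then its primary thread's context rewritten.
    {"pid": 1000, "api": "CreateProcessW",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "flags": CREATE_SUSPENDED, "child_pid": 2000},
    {"pid": 1000, "api": "SetThreadContext", "target_pid": 2000},
    # Benign noise: the loader touching one of its own threads.
    {"pid": 1000, "api": "SetThreadContext", "target_pid": 1000},
]


if __name__ == "__main__":
    for sig, evidence in classify(SAMPLE_EVENTS).items():
        print(sig)
        for line in evidence:
            print("   ", line)
```

Running it on the constructed stream raises exactly the four signatures from the report and ignores the two decoy events; dropping the CreateProcessW record also silences the SetThreadContext signature, which is the point of requiring a suspended cross-process target before flagging it.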
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)