General

  • Target

    Eleven.exe

  • Size

    31KB

  • Sample

    240513-e724sach62

  • MD5

    dfd9185308b74530ce2b95c26918931b

  • SHA1

    a146603e444dfcdfa1b346c987023a2469bb5789

  • SHA256

    a9ae78336939dd59b2b757ae06eaa67961845d9032e0aa75637a80da1c164d41

  • SHA512

    274e57aafbec72a53eab601b187f69c789adee5cf66bada8d4a52f43106724900dcc35107986cd455167213386866a0a49c62cab2a02571edb9cac8a318462f3

  • SSDEEP

    768:buv4fwn0Ngk+QOp7wh6+qIeU1ObMF4MhOKK:blfWULOBbTIeUkbMG

Targets

    • Modifies Windows Defender Real-time Protection settings

      Writes the Windows Defender Real-Time Protection policy values (typically DisableRealtimeMonitoring) that switch off on-access scanning.

    • UAC bypass

    • Blocks application from running via registry modification

      Adds an application to the list of disallowed applications (typically the DisallowRun policy under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer).

    • Disables RegEdit via registry modification

      Typically sets the DisableRegistryTools policy value.

    • Disables Task Manager via registry modification

      Typically sets the DisableTaskMgr policy value.

    • Disables cmd.exe use via registry modification

      Typically sets the DisableCMD policy value.

    • Checks computer location settings

      Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo), most likely as a geofence check.

    • Windows security modification

    • Checks whether UAC is enabled

      Typically reads the EnableLUA policy value.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      Typically writes HKCU\Control Panel\Desktop\Wallpaper.
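The lockdown-style behaviours above (disabling Defender real-time protection, RegEdit, Task Manager and cmd.exe, blocking applications via DisallowRun, checking UAC, setting the wallpaper) are all registry-backed and can be confirmed on a live host. The PowerShell audit below is an added example, not part of the sandbox report or the sample's code; the key paths are the standard policy locations these signature families fire on, and the report does not say which exact values this sample wrote, so treat the list as a checklist to verify rather than a confirmed IOC set.

```powershell
# Added example (not from the sandbox report): audit a Windows host for the
# registry-backed artefacts behind the signatures listed above.
# Assumption: the key/value names are the standard policy locations these
# signature families fire on; the report does not state the exact values set.

function Test-PolicyValue {
    param([string]$Path, [string]$Name, [scriptblock]$IsBad, [string]$Finding)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }            # key or value absent: policy not set
    $value = $item.$Name
    if (& $IsBad $value) {
        [pscustomobject]@{ Finding = $Finding; Path = $Path; Name = $Name; Value = $value }
    }
}

function Get-DisallowRunEntries {
    # DisallowRun=1 under Policies\Explorer plus a DisallowRun subkey whose
    # numbered values ("1", "2", ...) name the executables that are blocked.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $flag = (Get-ItemProperty -Path $base -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
    if ($flag -ne 1) { return }
    $list = Get-ItemProperty -Path "$base\DisallowRun" -ErrorAction SilentlyContinue
    if ($null -eq $list) { return }
    $list.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object {
            [pscustomobject]@{ Finding = 'Application blocked via DisallowRun'
                               Path = "$base\DisallowRun"; Name = $_.Name; Value = $_.Value }
        }
}

function Get-EvasionFindings {
    $sys     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $nonZero = { param($v) [int]$v -ne 0 }

    Test-PolicyValue -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' `
        -Name DisableRealtimeMonitoring -IsBad $nonZero -Finding 'Defender real-time protection disabled by policy'
    Test-PolicyValue -Path $sys -Name DisableRegistryTools -IsBad $nonZero -Finding 'Registry Editor disabled'
    Test-PolicyValue -Path $sys -Name DisableTaskMgr       -IsBad $nonZero -Finding 'Task Manager disabled'
    Test-PolicyValue -Path 'HKCU:\Software\Policies\Microsoft\Windows\System' `
        -Name DisableCMD -IsBad $nonZero -Finding 'cmd.exe disabled'
    Test-PolicyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
        -Name EnableLUA -IsBad { param($v) [int]$v -eq 0 } -Finding 'UAC (EnableLUA) turned off'
    Get-DisallowRunEntries

    # A wallpaper path inside a user-writable directory is a common tell for
    # malware that rewrites the desktop background.
    Test-PolicyValue -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper `
        -IsBad { param($v) $v -match '\\(Temp|AppData|Users\\Public)\\' } `
        -Finding 'Wallpaper points into a user-writable directory'
}

# Context only: the value a "computer location settings" check reads.
$geo = (Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue).Nation
Write-Host "Geo\Nation (GeoID read by geofence checks): $geo"

$findings = @(Get-EvasionFindings)
if ($findings.Count -eq 0) { Write-Host 'No policy-based lockdown artefacts found.' }
else { $findings | Format-Table -AutoSize }
```

Run it in the context of the affected user (the HKCU keys are per-user) with an elevated prompt so the HKLM policy keys are readable. The remaining signatures (UAC bypass, file dropped into System32, C2 on a legitimate hosting service) are not registry-resident and need process, file-system and network telemetry from the sandbox run or the host's EDR rather than this audit.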
