General
Target: Eleven.exe
Size: 31KB
Sample: 240513-e724sach62
MD5: dfd9185308b74530ce2b95c26918931b
SHA1: a146603e444dfcdfa1b346c987023a2469bb5789
SHA256: a9ae78336939dd59b2b757ae06eaa67961845d9032e0aa75637a80da1c164d41
SHA512: 274e57aafbec72a53eab601b187f69c789adee5cf66bada8d4a52f43106724900dcc35107986cd455167213386866a0a49c62cab2a02571edb9cac8a318462f3
SSDEEP: 768:buv4fwn0Ngk+QOp7wh6+qIeU1ObMF4MhOKK:blfWULOBbTIeUkbMG
Static task: static1
Behavioral task: behavioral1
Sample: Eleven.exe
Resource: win10v2004-20240508-en
Behavioral task: behavioral2
Sample: Eleven.exe
Resource: win11-20240508-en
Malware Config
Targets
Target: Eleven.exe
Score: 10/10
Blocks application from running via registry modification: Adds application to list of disallowed applications.
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Disables cmd.exe use via registry modification
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1