General

  • Target: Eleven.exe
  • Size: 31KB
  • Sample: 240513-e934vshh5w
  • MD5: 4caf72b4536700e12214fa1721bf54d7
  • SHA1: 6baf706e93a320118a95a4a442137c9080000e8d
  • SHA256: 808f45e1d033ec8b120e75339ba896ffa52691b3d9cd4a2d4c0fadb0ede9ffb2
  • SHA512: 480154b51b2bee339175e45aa27338f5152849e05374e9d11cbe70ac70c00af25bd009d9e74937607d00574f1696e62c3d48ab6ef57c6061161f9ca2b452418f
  • SSDEEP: 384:aWCJ4vgjaGZy8ILvnk+X6EA+t/U7Oy+Q6HUN2s682FN/mb9pM1HjqMjyK6xNORtZ:aivUEK+OOyaUksmHObMF4YRrhf4K

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables cmd.exe use via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks