General

  • Target

    Eleven.exe

  • Size

    32KB

  • Sample

    240513-fbn3qahh51

  • MD5

    70d0c8d7dc4db88b1397c2d8b3a631eb

  • SHA1

    fd96d0e7ac6b48f7df83671c8f4ee23fd441920c

  • SHA256

    402b8c78bd16dd3bb8584a9867adc65e0524ce4b850ca62ca22b6e6f37aa3a54

  • SHA512

    81e8dbccfd763dc17e458f41839a7061919f28727fa24377cb9ec9f7bb8cfae1d45f3cfbb8a49b506626ce05768b120933a39291f848fce7d545c20406a9ff88

  • SSDEEP

    384:fWC14vKQBK5v1Zy8ILvnk+9A+12JCMYaa9l2IZn/KPnKU5NrmbKpM1HsqMjyKiS6:fevSFn+u7e1dKV76b3u484n+K

Targets

    • Target

      Eleven.exe

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables cmd.exe use via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry
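The behaviour signatures above (Defender real-time protection modified, UAC checked and bypassed, DisallowRun, RegEdit, Task Manager and cmd.exe disabled, country code read, wallpaper set) each correspond to well-known registry policy values. The report does not list the exact keys or data the sample wrote, so the following host-triage script, added here as an example and not part of the Triage report or of the sample, checks the standard policy locations that these signatures normally map to; the signature-to-key mapping is an assumption on that basis. It runs in an elevated PowerShell on the affected host, reads the HKCU hive of the user it is run as (so run it as the user who executed the sample), reports anything set to a lockdown value, and only changes the registry when `-Remediate` is given.

```powershell
# Added example: host check for the registry lockdown behaviours listed in the report.
# Not the sample's code and not from the Triage report. Key/value mapping is assumed from
# the well-known Windows policy locations; the report itself gives signature names only.
[CmdletBinding()]
param(
    [switch]$Remediate   # without this switch the script only reports, it changes nothing
)

# Path, value name, the value the malware would set, how to undo it, and the report
# signature it maps to. Fix = 'Remove' deletes the value (restores the default);
# an integer Fix rewrites the value (EnableLUA exists by default, so it must be set, not removed).
$checks = @(
    @{ Path='HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
       Name='DisableRealtimeMonitoring'; Bad=1; Fix='Remove'
       Sig='Modifies Windows Defender Real-time Protection settings' },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name='EnableLUA'; Bad=0; Fix=1
       Sig='UAC bypass / Checks whether UAC is enabled' },
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name='DisallowRun'; Bad=1; Fix='Remove'
       Sig='Blocks application from running via registry modification' },
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name='DisableRegistryTools'; Bad=1; Fix='Remove'
       Sig='Disables RegEdit via registry modification' },
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name='DisableTaskMgr'; Bad=1; Fix='Remove'
       Sig='Disables Task Manager via registry modification' },
    @{ Path='HKCU:\Software\Policies\Microsoft\Windows\System'
       Name='DisableCMD'; Bad=1; Fix='Remove'
       Sig='Disables cmd.exe use via registry modification' }
)

# @( ) forces an array even when there is zero or one finding, so += below always works
$findings = @(foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }            # value absent: default, nothing locked down
    $current = $item.($c.Name)
    # DisableCMD is 1 (block cmd and batch files) or 2 (block cmd, allow batch): any non-zero counts
    $hit = if ($c.Name -eq 'DisableCMD') { $current -ne 0 } else { $current -eq $c.Bad }
    if ($hit) {
        [pscustomobject]@{ Signature=$c.Sig; Key=$c.Path; Value=$c.Name; Current=$current }
        if ($Remediate) {
            if ($c.Fix -eq 'Remove') { Remove-ItemProperty -Path $c.Path -Name $c.Name -Force }
            else { Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Fix -Type DWord }
        }
    }
})

# The DisallowRun subkey holds numbered string values ("1"="name.exe", ...) naming blocked programs
$disallowKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
if (Test-Path $disallowKey) {
    $blocked = (Get-ItemProperty -Path $disallowKey).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } | Select-Object -ExpandProperty Value
    $findings += [pscustomobject]@{
        Signature='Blocks application from running via registry modification'
        Key=$disallowKey; Value='(list)'; Current=($blocked -join ', ')
    }
    if ($Remediate) { Remove-Item -Path $disallowKey -Recurse -Force }
}

# Values the report flags as read (geofence) or written (wallpaper): shown for context, never changed
$geo  = (Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -Name Nation -ErrorAction SilentlyContinue).Nation
$wall = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue).Wallpaper
Write-Host "Geo\Nation (GEOID consulted by geofence checks): $geo"
Write-Host "Current wallpaper path: $wall"

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize }
else { Write-Host 'No lockdown policy values found in the checked keys.' }
```

Usage: `.\Check-Lockdown.ps1` to report, `.\Check-Lockdown.ps1 -Remediate` to revert. Restoring EnableLUA takes effect only after a reboot, Defender may need `Set-MpPreference -DisableRealtimeMonitoring $false` in addition to the policy value being removed, and Explorer re-reads the DisallowRun and DisableTaskMgr policies only on the next logon. The sample is also reported to drop a file in System32 and to set the wallpaper, so a clean registry alone does not mean the host is clean; treat these findings as triage indicators, not as a cleanup.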

MITRE ATT&CK Enterprise v15
