General
Target: Eleven.exe
Size: 32KB
Sample: 240513-fc1g5sch86
MD5: ad18271cf42bd84ba924fb779816d0a0
SHA1: ea14da42253f63fc085b49d3eb1df8cce6d5bd1b
SHA256: 27b25d0e5d41fac1236761a1e6f28fa34fe5c461983080d2055999ccc028af7f
SHA512: e4953230214753781e54367ba609836747f818a58472cd740b5f33e5346e7e295dbc87c7150bed4beed9d08609938245aa2fdfa92f8efb9eaf35251c101f6d7e
SSDEEP: 768:PwvncN65Dq8+ri94+imizhRB5m6bMu4wK8IK:PAcI5Dqiy+ivjdbMibx
Static task: static1
Behavioral task: behavioral1
Sample: Eleven.exe
Resource: win10v2004-20240508-en
Behavioral task: behavioral2
Sample: Eleven.exe
Resource: win11-20240426-en
Malware Config
Targets
Target: Eleven.exe
Score: 10/10
Blocks application from running via registry modification
Adds application to list of disallowed applications.
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Disables cmd.exe use via registry modification
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1