General

  • Target: Eleven.exe
  • Size: 32KB
  • Sample: 240513-fc1g5sch86
  • MD5: ad18271cf42bd84ba924fb779816d0a0
  • SHA1: ea14da42253f63fc085b49d3eb1df8cce6d5bd1b
  • SHA256: 27b25d0e5d41fac1236761a1e6f28fa34fe5c461983080d2055999ccc028af7f
  • SHA512: e4953230214753781e54367ba609836747f818a58472cd740b5f33e5346e7e295dbc87c7150bed4beed9d08609938245aa2fdfa92f8efb9eaf35251c101f6d7e
  • SSDEEP: 768:PwvncN65Dq8+ri94+imizhRB5m6bMu4wK8IK:PAcI5Dqiy+ivjdbMibx

Targets

    • Target: Eleven.exe

    • Modifies Windows Defender Real-time Protection settings
    • UAC bypass
    • Blocks application from running via registry modification: adds the application to the list of disallowed applications.
    • Disables RegEdit via registry modification
    • Disables Task Manager via registry modification
    • Disables cmd.exe use via registry modification
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Windows security modification
    • Checks whether UAC is enabled
    • Legitimate hosting services abused for malware hosting/C2
    • Sets desktop wallpaper using registry
