General
Target: Eleven.exe
Size: 245KB
Sample: 240513-q6ywhshc9y
MD5: b2dccfdf2274ea65c0e973efb2f3e4db
SHA1: c645449e392351b91d7d927f540951ed0dd286a6
SHA256: ff4406f8491cf0ad3a6dfe9f191754f0df99669a436aeacb67563a287d194581
SHA512: 839ccdf7c88bf43d1baaa4dc91a2317536208e93a49d61b3aa09d46020493207343e284ee8f7bd172c81e1a5ad20d9d02aafc31766bae66cc14a8fb806d713b2
SSDEEP: 6144:ux/LcTEyF1dH3VOVw44UOisbaxHUsAxyOzk9jAP4Ubc:TBREcUkHxy8yAP4N
Static task: static1
Behavioral task: behavioral1
Sample: Eleven.exe
Resource: win10v2004-20240226-en
Behavioral task: behavioral2
Sample: Eleven.exe
Resource: win11-20240426-en
Malware Config
Targets
Target
Eleven.exe
Score: 10/10
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables cmd.exe use via registry modification
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1