General
-
Target
Eleven.exe
-
Size
291KB
-
Sample
240515-1l4alsdh33
-
MD5
cbce15fbe6803dadc776e071e572fdd7
-
SHA1
8bcea3406938784448ca8277c8550b40585e7089
-
SHA256
4dd8ebe0e5b2810f3490415144e27b834144c644a17dd58eb35a74025d305e5a
-
SHA512
a3e43daa5130ab9942771f66c432848895aea5585cc3b2008d85119573798c3bcd8e86e89483989c9210458271885780f0fe5a85df9aa663a77aafc9dfb39716
-
SSDEEP
6144:Tx/LcTEyF1dH3VOVw44UOisbaxHUsAxyOzk9jAFzbkvezHTRqn:iBREcUkHxy8yAFlT0
Static task
static1
Behavioral task
behavioral1
Sample
Eleven.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
Eleven.exe
Resource
win11-20240426-en
Malware Config
Targets
-
-
Target
Eleven.exe
-
Size
291KB
-
MD5
cbce15fbe6803dadc776e071e572fdd7
-
SHA1
8bcea3406938784448ca8277c8550b40585e7089
-
SHA256
4dd8ebe0e5b2810f3490415144e27b834144c644a17dd58eb35a74025d305e5a
-
SHA512
a3e43daa5130ab9942771f66c432848895aea5585cc3b2008d85119573798c3bcd8e86e89483989c9210458271885780f0fe5a85df9aa663a77aafc9dfb39716
-
SSDEEP
6144:Tx/LcTEyF1dH3VOVw44UOisbaxHUsAxyOzk9jAFzbkvezHTRqn:iBREcUkHxy8yAFlT0
Score10/10-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1