General
-
Target
944800fdedefa2dcf75881f89bb7f7de85896a1057d8a80317feb989ebffbedc
-
Size
732KB
-
Sample
240521-bqs8rsdh91
-
MD5
7395e1cd43892d6d57f707030edc3496
-
SHA1
6943b05eb1767849d5c9861c3e35f60f0fedb07e
-
SHA256
944800fdedefa2dcf75881f89bb7f7de85896a1057d8a80317feb989ebffbedc
-
SHA512
2ea5f14be1d1f983bb9122f45bdd33a124e45bab43a728e8ea93b1eb8df7b6d8dbce76c4465f0300d6bc1b61fd05333729d4bc46ab020ba14bea8fb4391a1e15
-
SSDEEP
12288:wXgvmzFHi0mo5aH0qMzd5807FvPJQPDHvd:wXgvOHi0mGaH0qSdPFJ4V
Malware Config
Targets
-
-
Target
944800fdedefa2dcf75881f89bb7f7de85896a1057d8a80317feb989ebffbedc
-
Size
732KB
-
MD5
7395e1cd43892d6d57f707030edc3496
-
SHA1
6943b05eb1767849d5c9861c3e35f60f0fedb07e
-
SHA256
944800fdedefa2dcf75881f89bb7f7de85896a1057d8a80317feb989ebffbedc
-
SHA512
2ea5f14be1d1f983bb9122f45bdd33a124e45bab43a728e8ea93b1eb8df7b6d8dbce76c4465f0300d6bc1b61fd05333729d4bc46ab020ba14bea8fb4391a1e15
-
SSDEEP
12288:wXgvmzFHi0mo5aH0qMzd5807FvPJQPDHvd:wXgvOHi0mGaH0qSdPFJ4V
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1