General

  • Target

    leagueoflengends.exe

  • Size

    5.3MB

  • Sample

    240526-xx5e9sgg8t

  • MD5

    d8e29a483b0e939daa8620fa9551f229

  • SHA1

    3272efc1e60fb6e65295b94530e0f72ec05e9b21

  • SHA256

    e3f2f0455958438009b8d81269e59b8ba52de86d6be364b219eaaf462f7e5083

  • SHA512

    62cc4fb9cc93adfe76e0e176c9687c0c3a3ca42629f3a1172e4dcab95eff85f7b4d235e19612ce1bef2ba6429a60160b88a4240583221b90c4269dd2515b0e6e

  • SSDEEP

    98304:3nzruErKIDTGpzoLLJ3TbwaVvrZE0IdeyoFQK15W8ASLmbNYJERw1jrTH+1DE8IY:3nzruEeIm9onJ5hrZEReyiU8AdZYJERD

Malware Config

Targets

    • Target

      leagueoflengends.exe

    • Size

      5.3MB

    • MD5

      d8e29a483b0e939daa8620fa9551f229

    • SHA1

      3272efc1e60fb6e65295b94530e0f72ec05e9b21

    • SHA256

      e3f2f0455958438009b8d81269e59b8ba52de86d6be364b219eaaf462f7e5083

    • SHA512

      62cc4fb9cc93adfe76e0e176c9687c0c3a3ca42629f3a1172e4dcab95eff85f7b4d235e19612ce1bef2ba6429a60160b88a4240583221b90c4269dd2515b0e6e

    • SSDEEP

      98304:3nzruErKIDTGpzoLLJ3TbwaVvrZE0IdeyoFQK15W8ASLmbNYJERw1jrTH+1DE8IY:3nzruEeIm9onJ5hrZEReyiU8AdZYJERD

    Score
    10/10
    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check. On Windows the user's country is stored as a GEOID under HKCU\Control Panel\International\Geo; a registry read of this kind is not recorded by Sysmon, so hunting for it needs object-access auditing (Event ID 4663 with a SACL on the key) or API-level tracing.

    • Loads dropped DLL
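
    The "Loads dropped DLL" behaviour above is the one of the three signatures that is easiest to see in endpoint telemetry: a file is written (Sysmon Event ID 11, FileCreate) and the same path is later mapped as a module (Sysmon Event ID 7, ImageLoad). The script below is an added example, not part of this report or the sandbox's own detection logic; the event lines, the process GUIDs, the child process name and the Temp path are constructed for illustration and are not indicators from this sample. It handles the cases a practitioner cares about: out-of-order events, a DLL loaded by a different process than the one that wrote it, and system DLLs that were never dropped.

```python
"""Correlate dropped-then-loaded DLLs in Sysmon-style JSON events.

Added example (not from the sandbox report). Field names follow Sysmon
EventID 11 (FileCreate) and EventID 7 (ImageLoad); every path, GUID and
timestamp below is constructed.
"""
import json
from dataclasses import dataclass

# Constructed events. Line order is deliberately not chronological so the
# correlation has to sort by UtcTime rather than trust input order.
SAMPLE_EVENTS = r"""
{"EventID": 7,  "UtcTime": "2024-05-26 10:00:02.000", "ProcessGuid": "{A}", "Image": "C:\\Users\\user\\Desktop\\leagueoflengends.exe", "ImageLoaded": "C:\\Users\\user\\AppData\\Local\\Temp\\abcd.tmp\\helper.dll", "Signed": "false"}
{"EventID": 11, "UtcTime": "2024-05-26 10:00:01.000", "ProcessGuid": "{A}", "Image": "C:\\Users\\user\\Desktop\\leagueoflengends.exe", "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\abcd.tmp\\helper.dll"}
{"EventID": 7,  "UtcTime": "2024-05-26 09:59:59.000", "ProcessGuid": "{A}", "Image": "C:\\Users\\user\\Desktop\\leagueoflengends.exe", "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll", "Signed": "true"}
{"EventID": 7,  "UtcTime": "2024-05-26 10:00:01.500", "ProcessGuid": "{A}", "Image": "C:\\Users\\user\\Desktop\\leagueoflengends.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true"}
{"EventID": 11, "UtcTime": "2024-05-26 10:00:01.200", "ProcessGuid": "{A}", "Image": "C:\\Users\\user\\Desktop\\leagueoflengends.exe", "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\abcd.tmp\\notes.txt"}
{"EventID": 7,  "UtcTime": "2024-05-26 10:00:03.000", "ProcessGuid": "{B}", "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\child.exe", "ImageLoaded": "C:\\Users\\user\\AppData\\Local\\Temp\\ABCD.TMP\\HELPER.DLL", "Signed": "false"}
"""


@dataclass
class DroppedLoad:
    """One ImageLoad of a file that an earlier FileCreate wrote to disk."""
    path: str        # path as it appeared in the ImageLoad event
    dropper: str     # image that created the file
    loader: str      # image that loaded it (may differ from dropper)
    signed: str      # Sysmon 'Signed' field of the loaded module
    handoff: bool    # True when dropper and loader are different processes


def parse_events(text: str) -> list:
    """Parse JSON-lines telemetry into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def find_dropped_dll_loads(events: list) -> list:
    """Return a DroppedLoad for every ImageLoad whose path was created earlier.

    Paths are compared case-insensitively because NTFS is case-insensitive;
    a load that precedes the create is not a 'dropped' load and is ignored.
    """
    created = {}  # normalised path -> (creating image, creating ProcessGuid)
    hits = []
    for e in sorted(events, key=lambda ev: ev["UtcTime"]):
        if e["EventID"] == 11:
            created[e["TargetFilename"].lower()] = (e["Image"], e["ProcessGuid"])
        elif e["EventID"] == 7:
            key = e["ImageLoaded"].lower()
            if key in created:
                dropper_image, dropper_guid = created[key]
                hits.append(DroppedLoad(
                    path=e["ImageLoaded"],
                    dropper=dropper_image,
                    loader=e["Image"],
                    signed=e.get("Signed", "unknown"),
                    handoff=(dropper_guid != e["ProcessGuid"]),
                ))
    return hits


if __name__ == "__main__":
    for hit in find_dropped_dll_loads(parse_events(SAMPLE_EVENTS)):
        kind = "loaded by another process" if hit.handoff else "self-loaded"
        print(f"[dropped DLL] {hit.path} ({kind}, signed={hit.signed}) "
              f"dropped by {hit.dropper}, loaded by {hit.loader}")
```

    Run against the constructed trace this reports two hits on helper.dll (the dropper's own load and the handoff to child.exe) and nothing for ntdll.dll, kernel32.dll or notes.txt. In production you would also key on the process tree so that a DLL dropped by one stage and loaded by its child is still attributed to the same infection, and an unsigned module loaded from a user-writable path is the signal worth alerting on even without the correlation.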

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                          Hits  ID
Privilege Escalation  Abuse Elevation Control Mechanism  1     T1548
                      Bypass User Account Control        1     T1548.002
Defense Evasion       Abuse Elevation Control Mechanism  1     T1548
                      Bypass User Account Control        1     T1548.002
                      Impair Defenses                    1     T1562
                      Disable or Modify Tools            1     T1562.001
                      Modify Registry                    2     T1112
Discovery             Query Registry                     1     T1012
                      System Information Discovery       2     T1082

Tasks