General
Target: leagueoflengends.exe
Size: 5.3MB
Sample: 240526-xz3dpagh4w
MD5: 6d609a4b52eda885ac62f4375e3dd90f
SHA1: 7130d727c351bdb079f3d72eb08d77bc685e00b7
SHA256: f6259330c8322e116de96c0342b128086b9042fd5d60d7f1e7a1bc6c4c9509a6
SHA512: 3e9432b8b81690a1b1778f5877bf40244852f3c092156f71056ef85a60c0261048c81055d81ec8e2423af239f1a60867184c34bcebbb6022d72059044a395ee0
SSDEEP: 98304:hndruorKIDTGpzoLLJ3TbwaVvrZE0IdeyoFQK15W8ASLmbNYJERw1jrTH+1DE8IY:hndruoeIm9onJ5hrZEReyiU8AdZYJERD
Behavioral task: behavioral1
Sample: leagueoflengends.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: leagueoflengends.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: leagueoflengends.exe
Score: 10/10
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1