General
-
Target
Armageddon.exe
-
Size
322KB
-
Sample
240701-ts2l2asdjk
-
MD5
50c6225ff8e1e741238fc0bbdf7d8172
-
SHA1
c2cc9ad6549d7e81f9052ba45680219bab75960a
-
SHA256
1ebdbfea6ab13f258a7d00dea47de48261cfb84d52ebbb6f282498c3ab1b1b39
-
SHA512
062727f899ac911782fde6ba37f693ffc9f6b4255aa56312d0bc9594e978010d314a16b7014fe380a5f3b8931b0aac4a5d407b3916c36de4deae82d8ac7c31d2
-
SSDEEP
3072:F66/pFINPVP06dvuqrWrb60Db+7uQxQrq61gFsRd8cQUewkoLeC8BS0HVKT+8X2C:Gbxu6Q31gFsR0FoTY8T+8Gx
Malware Config
Targets
-
-
Target
Armageddon.exe
-
Size
322KB
-
MD5
50c6225ff8e1e741238fc0bbdf7d8172
-
SHA1
c2cc9ad6549d7e81f9052ba45680219bab75960a
-
SHA256
1ebdbfea6ab13f258a7d00dea47de48261cfb84d52ebbb6f282498c3ab1b1b39
-
SHA512
062727f899ac911782fde6ba37f693ffc9f6b4255aa56312d0bc9594e978010d314a16b7014fe380a5f3b8931b0aac4a5d407b3916c36de4deae82d8ac7c31d2
-
SSDEEP
3072:F66/pFINPVP06dvuqrWrb60Db+7uQxQrq61gFsRd8cQUewkoLeC8BS0HVKT+8X2C:Gbxu6Q31gFsR0FoTY8T+8Gx
Score10/10-
UAC bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1