Overview

overview

10

Static

static

3

KLL.exe

windows7-x64

10

KLL.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KLL.exe

  • Size

    28.5MB

  • Sample

    240721-xcfleazcnc

  • MD5

    b0006641ac4ca62f50684803adfb4b97

  • SHA1

    b8fa42be29463196116af503cf9c7d9ce5f06697

  • SHA256

    2686d52f937db5f1bf8855152e42f7f419f9d2431c1d032358f213395bd3e326

  • SHA512

    b3ae0a8cbf47ce83b88995f362ddc1f45e85c0e5ca726c5f21c22a8aebef5cf43648678940fadcf401928a4e7715c2f849d1b2ebd23d541a1a2398d40ff0754a

  • SSDEEP

    393216:Mky0HkZmyTtvkJJhddL1ugGFPO2bacIGxQRu8/aJHYjzZSOn3P7zZmHs5t3Eiz5N:MsS4rHNJJ1AtROo1YsM6Hmad+o

Score
10/10
evasionexecutionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      KLL.exe

    • Size

      28.5MB

    • MD5

      b0006641ac4ca62f50684803adfb4b97

    • SHA1

      b8fa42be29463196116af503cf9c7d9ce5f06697

    • SHA256

      2686d52f937db5f1bf8855152e42f7f419f9d2431c1d032358f213395bd3e326

    • SHA512

      b3ae0a8cbf47ce83b88995f362ddc1f45e85c0e5ca726c5f21c22a8aebef5cf43648678940fadcf401928a4e7715c2f849d1b2ebd23d541a1a2398d40ff0754a

    • SSDEEP

      393216:Mky0HkZmyTtvkJJhddL1ugGFPO2bacIGxQRu8/aJHYjzZSOn3P7zZmHs5t3Eiz5N:MsS4rHNJJ1AtROo1YsM6Hmad+o

    Score
    10/10
    evasionexecutionpersistenceprivilege_escalationtrojan

    • UAC bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks