General
  Target: d23d6d9a28cccf41f5f745a6042311e545af89d2cfab26d62b732f79772a3a0b
  Size: 2.9MB
  Sample: 240724-dxrpmayemf
  MD5: 3e8401bb83517566ebbb4c00a0b6ff38
  SHA1: 20ced727e415faaaba1d9c7608ca8caed18a70f5
  SHA256: d23d6d9a28cccf41f5f745a6042311e545af89d2cfab26d62b732f79772a3a0b
  SHA512: 38ce808876394382e9cb4388db1ae564bffe3ff3456afe91beb4e5481ac193341f9edc1522fe00a15d2459b33f1e9e02db27f188d431e96481721da990670283
  SSDEEP: 24576:a2Fu/HGcDdQwWH+7aU2E0lFgG9XqcSUXI+SwBeSwtPpoc+yu0cjZxY6jRt5oHkv4:Vu/dUpCw4SIjcP0idTfTXE5JJ7g97C
Static task
  static1

Behavioral task
  behavioral1
    Sample: d23d6d9a28cccf41f5f745a6042311e545af89d2cfab26d62b732f79772a3a0b.exe
    Resource: win7-20240704-en

Behavioral task
  behavioral2
    Sample: d23d6d9a28cccf41f5f745a6042311e545af89d2cfab26d62b732f79772a3a0b.exe
    Resource: win10v2004-20240709-en
Malware Config
Targets
  Target: d23d6d9a28cccf41f5f745a6042311e545af89d2cfab26d62b732f79772a3a0b (2.9MB; hashes as listed under General)
  Score: 10/10
  - Modifies WinLogon for persistence
  - Modifies visibility of hidden/system files in Explorer
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
MITRE ATT&CK Enterprise v15
  Persistence
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)
  Privilege Escalation
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Boot or Logon Autostart Execution (2)
      Registry Run Keys / Startup Folder (1)
      Winlogon Helper DLL (1)
  Defense Evasion
    Abuse Elevation Control Mechanism (1)
      Bypass User Account Control (1)
    Hide Artifacts (1)
      Hidden Files and Directories (1)
    Impair Defenses (1)
      Disable or Modify Tools (1)
    Modify Registry (5)