General

Target: Copia de pago bancario.exe (Spanish: "Copy of bank payment")
Size: 2.5MB
Sample: 240814-j15csa1fpb
MD5: eaf7d1ed229a770a4ee4acb0f502b4bb
SHA1: cb5328da24d6c4958fb0c37f00747376cf38cb1b
SHA256: 8a2b18e511eb04d2f2b6aaefe5616ecdf27645a6724f3e0bd57bc85acab7addc
SHA512: 56db3fdea5d383a78796b30298597873b5f15be60ab1f5004c568340c7c5f3490125f2c8f59703e6c600fbf51ed6b8fc449c328b94a78d80be39d43f544baff2
SSDEEP: 12288:ltjngdNLnDEz+r/7IUv4hox/Fz/KG/0PETJeIqVkvN3GYuaT7o:7QLnDEz+r/7zxt/KG/VtikvN2Yt7o
Static task: static1
Behavioral task: behavioral1
  Sample: Copia de pago bancario.exe
  Resource: win7-20240704-en
Malware Config
Targets
- Target: Copia de pago bancario.exe (2.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Adds policy Run key to start application
  Persistence via a Run value under the Policies\Explorer hive (Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run), which autostarts like the ordinary Run key but is checked far less often.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
  SetThreadContext on another process's thread is the usual way to redirect execution in process hollowing and other injection techniques.
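The two persistence signatures (ordinary and policy Run key) and the PowerShell-driven Defender exclusions above are the behaviours a defender can most readily hunt for in endpoint telemetry. The following rules are an added example, not part of the sandbox report: they run over a few constructed Sysmon-style events (Event ID 13 registry value set, Event ID 1 process create) and flag Run/RunOnce and Policies\Explorer\Run writes as well as Add-/Set-MpPreference exclusion commands, including ones hidden behind -EncodedCommand. All paths, SIDs and command lines are made up for illustration.

```python
"""Triage rules for the persistence and Defender-exclusion behaviours listed in
the report, run over constructed Sysmon-style events (not real sandbox output)."""
import base64
import re

# Constructed sample events. id 13 = Sysmon RegistryEvent (value set),
# id 1 = Sysmon ProcessCreate. Only the fields the rules need are kept.
EVENTS = [
    {"id": 13, "image": r"C:\Users\victim\Copia de pago bancario.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"id": 13, "image": r"C:\Users\victim\Copia de pago bancario.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Updater",
     "details": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "Add-MpPreference -ExclusionPath '
                'C:\\Users\\victim\\AppData -ExclusionExtension exe"'},
    # Same intent, but wrapped in -EncodedCommand (base64 of UTF-16LE text).
    {"id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -enc " + base64.b64encode(
         'Add-MpPreference -ExclusionProcess "Updater.exe"'.encode("utf-16-le")).decode()},
    # Benign: reading preferences is not adding an exclusion.
    {"id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell Get-MpPreference"},
    # Benign: Explorer's RunMRU history key is not an autostart location.
    {"id": 13, "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "details": "notepad"},
]

# Autostart locations. The trailing backslash keeps RunMRU and similar out.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
POLICY_RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", re.I)

# PowerShell accepts any unambiguous parameter prefix (-ExclusionP works),
# so match the stem rather than the full parameter names.
MP_EXCLUSION = re.compile(r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion\w*", re.I | re.S)

# -EncodedCommand and its accepted prefixes (-e, -ec, -en, -enc, ...).
# "-e" must be followed by nothing, "c", or "n..." so that -ExclusionPath does not match.
ENCODED = re.compile(r"(?<!\S)-e(?:c|n\w*)?\s+([A-Za-z0-9+/=]{8,})", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or '' if there is none."""
    m = ENCODED.search(cmdline)
    if not m:
        return ""
    try:
        # powershell.exe expects base64 over UTF-16LE text.
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""


def triage(events):
    """Return (rule, image, evidence) tuples for every event a rule fires on."""
    findings = []
    for ev in events:
        if ev["id"] == 13:
            if POLICY_RUN_KEY.search(ev["target"]):
                findings.append(("policy_run_key", ev["image"], ev["target"]))
            elif RUN_KEY.search(ev["target"]):
                findings.append(("run_key", ev["image"], ev["target"]))
        elif ev["id"] == 1:
            # Scan the visible command line and any decoded payload together.
            text = ev["cmdline"] + "\n" + decode_encoded_command(ev["cmdline"])
            if MP_EXCLUSION.search(text):
                findings.append(("defender_exclusion", ev["image"], text.strip()))
    return findings


if __name__ == "__main__":
    for rule, image, evidence in triage(EVENTS):
        print(f"[{rule}] {image}\n    {evidence}")
```

Two things the example handles that a naive string match misses: abbreviated PowerShell parameters, and the base64/UTF-16LE encoding of -EncodedCommand. Registry reads (the geofence lookup) are not covered because Sysmon does not log value reads; that behaviour needs API-level or sandbox telemetry.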
MITRE ATT&CK Enterprise v15

Tactic                Technique                                              Count
Privilege Escalation  Abuse Elevation Control Mechanism (T1548)              1
                        Bypass User Account Control (T1548.002)              1
                      Boot or Logon Autostart Execution (T1547)              2
                        Registry Run Keys / Startup Folder (T1547.001)       2
Defense Evasion       Abuse Elevation Control Mechanism (T1548)              1
                        Bypass User Account Control (T1548.002)              1
                      Impair Defenses (T1562)                                3
                        Disable or Modify Tools (T1562.001)                  3
                      Modify Registry (T1112)                                7
                      Scripting (T1064, deprecated in current ATT&CK)        1