General
Target: ca3ef6aa3d48739458f3446ac188ff1dc7f3ce6ff8816eb73ddfa6f2d305d3d3
Size: 5.0MB
Sample: 240906-zbry6axama
MD5: ddc993fe772d6df1656c22b6c0ea2df7
SHA1: 489599ffda5275896dfd4347ee68087bb54c13a1
SHA256: ca3ef6aa3d48739458f3446ac188ff1dc7f3ce6ff8816eb73ddfa6f2d305d3d3
SHA512: 5bfbd095eeb8616b05628863acb4f7e58ccf7f24f75e749e4f03206c1c1eb8df794da6f5dbf658f64e5860f15849bae9a5c43386d11595687e8da002f9dc8804
SSDEEP: 98304:xc00zuLKe+anb7LVsmSas1+YRg74gxoD88kFCHyDcb3:xc00zuLKC7SasBS74D8pCHyg7

Static task: static1

Behavioral task: behavioral1
Sample: ca3ef6aa3d48739458f3446ac188ff1dc7f3ce6ff8816eb73ddfa6f2d305d3d3.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: ca3ef6aa3d48739458f3446ac188ff1dc7f3ce6ff8816eb73ddfa6f2d305d3d3.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ca3ef6aa3d48739458f3446ac188ff1dc7f3ce6ff8816eb73ddfa6f2d305d3d3 (5.0MB; hashes as listed under General)
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (1)