General
Target: 4b6e618410c2eb3b13355802d3c476b0N
Size: 1.9MB
Sample: 240914-ey6evawfql
MD5: 4b6e618410c2eb3b13355802d3c476b0
SHA1: deacac54d6c6d5e38bc2de8d69dfb2fba9cdb1a7
SHA256: 4cef9e27ea33f80aef042ec58c898c66ac3b0f2b2f3e89b7b1b52f0c4b41d625
SHA512: d9a55f13b3cfbd9f08ceb9312767e8d3792134a3f7e8f67e8489b257a158c2bc3497f7dc2fd808d1669c29bcc1f0a1a44fb263d1e225691f459380dd67d77ff2
SSDEEP: 49152:1vwLGvV27Pb+7J9VLbqdELPgxh/QxOD5YEFdscp+VJAhPrxazw9Qt7xC0JxgpaV7:1vmGvV27Pb+7J9VLbqdELPgxh/QxOD5e
Static task: static1
Behavioral task: behavioral1, sample 4b6e618410c2eb3b13355802d3c476b0N.exe, resource win7-20240708-en
Behavioral task: behavioral2, sample 4b6e618410c2eb3b13355802d3c476b0N.exe, resource win10v2004-20240802-en
Malware Config
Targets
Target: 4b6e618410c2eb3b13355802d3c476b0N (1.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample can refuse to run in certain regions).
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence via a CurrentVersion\Run value)
- Suspicious use of SetThreadContext (typical of process hollowing and thread-hijack injection, where a suspended thread's context is rewritten to point at injected code)
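As an added example (not part of the sandbox report and not this sample's trace), the following Python script triages a Procmon CSV export for three of the behaviours listed above: the registry lookup of the configured country (Windows keeps it as a GeoID under HKCU\Control Panel\International\Geo\Nation), a Run-key value pointing at a freshly dropped file, and execution of that dropped file. The CSV rows, the PIDs and the dropped path C:\Users\user\AppData\Roaming\svchost.exe are constructed for the example; the ATT&CK IDs are the standard ones for these techniques.

```python
import csv
import io
import re

# Constructed Procmon CSV export (not captured from this sample): a geofence
# lookup, the payload being written to %APPDATA%, a Run-key write pointing at
# it, its launch, and a benign Run-key write from another process.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","4b6e618410c2eb3b13355802d3c476b0N.exe","2212","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:03.0","4b6e618410c2eb3b13355802d3c476b0N.exe","2212","CreateFile","C:\Users\user\AppData\Roaming\svchost.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"10:01:03.4","4b6e618410c2eb3b13355802d3c476b0N.exe","2212","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 84, Data: C:\Users\user\AppData\Roaming\svchost.exe"
"10:01:03.5","4b6e618410c2eb3b13355802d3c476b0N.exe","2212","Process Create","C:\Users\user\AppData\Roaming\svchost.exe","SUCCESS","PID: 3300, Command line: C:\Users\user\AppData\Roaming\svchost.exe"
"10:01:04.0","OneDrive.exe","1800","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive","SUCCESS","Type: REG_SZ, Length: 120, Data: ""C:\Program Files\Microsoft OneDrive\OneDrive.exe"" /background"
'''

# Registry values that reveal the configured country/locale (geofence checks).
GEO_KEY = re.compile(r'\\Control Panel\\International\\(?:Geo\\Nation|Locale|LocaleName)$', re.I)
# Per-user or machine Run/RunOnce values (T1547.001).
RUN_KEY = re.compile(r'\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$', re.I)
# Locations an unprivileged process can write to and later execute from.
USER_WRITABLE = re.compile(r'^[a-z]:\\(?:Users\\[^\\]+\\AppData\\|Users\\Public\\|ProgramData\\|Windows\\Temp\\)', re.I)
# Pull the executable path out of a Procmon "Data: ..." detail, quoted or not.
EXE_IN_DATA = re.compile(r'Data:\s*"?([^"]*?\.exe)', re.I)


def triage(procmon_csv):
    """Return (rule, attack_id, process, detail) tuples for suspicious rows."""
    findings = []
    dropped = set()  # files written to user-writable locations, lower-cased
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row["Result"] != "SUCCESS":
            continue
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        proc = f'{row["Process Name"]}:{row["PID"]}'
        if op == "RegQueryValue" and GEO_KEY.search(path):
            # System Location Discovery: reading the GeoID/locale before acting.
            findings.append(("geofence-lookup", "T1614", proc, path))
        elif op == "CreateFile" and "Generic Write" in detail and USER_WRITABLE.match(path):
            dropped.add(path.lower())
        elif op == "RegSetValue" and RUN_KEY.search(path):
            m = EXE_IN_DATA.search(detail)
            exe = m.group(1) if m else ""
            # A Run value only matters when it points at something the process
            # just dropped or at a user-writable location; OneDrive-style
            # entries under Program Files are ignored.
            if exe.lower() in dropped or USER_WRITABLE.match(exe):
                findings.append(("run-key-persistence", "T1547.001", proc, f"{path} -> {exe}"))
        elif op == "Process Create" and path.lower() in dropped:
            # Tie the launch back to the drop seen earlier in the same trace.
            findings.append(("executes-dropped-exe", "n/a", proc, path))
    return findings


if __name__ == "__main__":
    for rule, tid, proc, what in triage(SAMPLE_PROCMON_CSV):
        print(f"[{rule:22}] {tid:10} {proc}  {what}")
```

The script is order-sensitive on purpose: the Run-key and Process Create rules consult the set of files the trace has already shown being written, so a Run value that points at a pre-existing program (the OneDrive row) produces no finding. When running this against a real export, filter Procmon to the sample's process tree first, since a full system trace will contain many benign RegQueryValue reads of the locale keys.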
MITRE ATT&CK Enterprise v15 (number of matched signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1): Bypass User Account Control, T1548.002 (1)
- Impair Defenses, T1562 (1): Disable or Modify Tools, T1562.001 (1)
- Modify Registry, T1112 (2)