General
Target: UCK.exe.v
Size: 71.1MB
Sample: 240920-s8zxpsthqa
MD5: acbf08778a592b1df8bf580523318b15
SHA1: 0f2ad175ce7f268bd94da842b822b5694c184375
SHA256: 1d61f61df5de462749d36797f4e5a3f6a4b95fdf132a363e0276bfd59643fd45
SHA512: e6e3373d21eb404b43839537a43f3eda63a9cf01f19db6bc799ce3388b80ee11c6ae17af6c89432576ac5eef69240a35a0cbfb83a9514ac0ef1ad290a5baf0e1
SSDEEP: 1572864:zuaCjxMgp23PnpSRxxhaz/+df11/GgzBGQIj5Oi:ia+9unkRxDw/Mf/pBGRj5
Static task: static1
Behavioral task: behavioral1
Sample: UCK.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: UCK.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Impair Defenses (1)
Disable or Modify Tools (1)
Modify Registry (1)