General

Target: letsvpn3.10.4Install.exe.v
Size: 15.3MB
Sample: 240920-vrvyjayakq
MD5: 9e07c23a29b69024cc8cd6b0ee856b6c
SHA1: c0a6c67d609c9d4adcb3b2b13f65e5eda0c9fbeb
SHA256: 918bc31cba93f294e71233e9b029705706175be78ca6fff523fb4b5ba87dbfce
SHA512: 3b45a5d1657d18c336df7c64eac1a6b365a7d881a22d6d30944c3d2a8b994e0d07c2a0a91afd6999b6d559abc0ae29d065a95c55ac7b0a74e3d77e2f257d11dc
SSDEEP: 393216:qE9AqYuf1pK6o217nb2LLhY8iuakhNrjcJp:3tf1ppzsLhHiEoJp
Static task: static1
Behavioral task: behavioral1
  Sample: letsvpn3.10.4Install.exe
  Resource: win7-20240903-en
Malware Config

Extracted
  Protocol: ftp
  Host: 134.122.155.46
  Port: 21
  Username: lz165404
  Password: lz165404
Targets

Target: letsvpn3.10.4Install.exe.v (15.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15

Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (2)