General

  • Target

    gdifuncs.exe

  • Size

    5.0MB

  • Sample

    240929-x1zn7axbkk

  • MD5

    a86ccbf36e5b7e3b1eebed0bb7642b05

  • SHA1

    b0a9e18921c5d05db1a4cf5f4abf04b38fdebe2d

  • SHA256

    c2055b6d1a4525614e476cd050a64cae479067647ee56f71832c5f97cfac651d

  • SHA512

    761cfff624a97a908eadbaf4fe9df56bf7f1093d260f5c8904ff4d47c6d4152f09232a4157e8139e090ff6aaf06d455a21e72170316340c56dd60049f99fb850

  • SSDEEP

    98304:/Qz+04D+i4DBz2NHlruSSDllNmd+5z/Le7q2:/QS04D+i4DZmLclKez/Lkq

Malware Config

Targets

    • Target

      gdifuncs.exe

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Modifies file permissions

MITRE ATT&CK Enterprise v15

Tasks