General
-
Target
kuaiVPN.exe.v
-
Size
74.2MB
-
Sample
241004-jr73bawgpf
-
MD5
573927587a7168c33cf31984889017af
-
SHA1
242f99d7c496bd3a27a0ce1e2e02384d7b101372
-
SHA256
5fd024a9cb3e159863e82b6044cd0f2f539ca459d82445ba0e685a0400ee18e2
-
SHA512
3db41728cc31690be50a8d0132345c6f4778c206d27f4b5cdc73d4913633d483523a3df998223040c1d55c40f54aa1bfd4736f8895d50d34ac4567ebcb378f42
-
SSDEEP
1572864:S444444jUyRLelUyRLelUyRLelUyRLelUyRLelUyRLeTtOgjtOgjtOgjtOge4447:+t9jt9jt9jt9I+jkfA
Malware Config
Targets
-
-
Target
kuaiVPN.exe.v
-
Size
74.2MB
-
MD5
573927587a7168c33cf31984889017af
-
SHA1
242f99d7c496bd3a27a0ce1e2e02384d7b101372
-
SHA256
5fd024a9cb3e159863e82b6044cd0f2f539ca459d82445ba0e685a0400ee18e2
-
SHA512
3db41728cc31690be50a8d0132345c6f4778c206d27f4b5cdc73d4913633d483523a3df998223040c1d55c40f54aa1bfd4736f8895d50d34ac4567ebcb378f42
-
SSDEEP
1572864:S444444jUyRLelUyRLelUyRLelUyRLelUyRLelUyRLeTtOgjtOgjtOgjtOge4447:+t9jt9jt9jt9I+jkfA
Score10/10-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
1