General

  • Target

    4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9eN

  • Size

    8.6MB

  • Sample

    241006-qlsh1awclk

  • MD5

    02ce76f0e3f059f1d527040a2a1d4be0

  • SHA1

    52514341de8327bd65d8b333ecff025f639e4ac5

  • SHA256

    4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9e

  • SHA512

    9668643323493751f0021cc83ad222f422c77f12b0c0e214c18c245940d9e883a8edf8d28caeb8f1ee68ff043a181bfe0d5676a76d67ac128b8470cdfb5548be

  • SSDEEP

    196608:zE0aFaUSCsXDjDyfadJolpPgToa10/MIGdFOnJ4H6U62jto4UKFTUy:QLFaHCEDjJ83a10YsQ7o4

Targets

    • Target

      4093bbcc81ac07e93a0ad1e1817e1529deb8ea3b06239308658b2712e0adff9eN

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Modifies Windows Firewall

    • Possible privilege escalation attempt

    • Loads dropped DLL

    • Modifies file permissions
