General
Target: noescape
Size: 8KB
Sample: 241019-1bn3yazelb
MD5: df0571b6df68961d29e58688c1a49608
SHA1: 1557b128ad0ae94e0d6b4ee0430d16df23b807e2
SHA256: 35d3c061e0a8ff5920e025c58d331eafef9d12fbd52a572eead15ecd19ab0a55
SHA512: ad7131e64b8258a8336362bb9f3cc501e44218683eb1074f495c76042771bcf20a3454819b9f9c37f6adf35c3a078c626c41d4adfb68939cffec47b6382a9e48
SSDEEP: 192:PN2x2BwKBF+/rYQA0kmNiGy2aLAaShHcNs4syYN:AxTKBF+/BA0kEG8qNNUN
Static task: static1
Behavioral task: behavioral1 (Sample: noescape.html, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: noescape.html, Resource: win10v2004-20241007-en)
Malware Config
Targets
noescape (hashes as listed under General)
Signatures
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (4)