General
-
Target
e6b8e3e3afe5b8a273176c7538102f7a6e7bdb72879393e9b398220b075afc25
-
Size
550KB
-
Sample
241028-gw454szmcl
-
MD5
ef66bc948ca5ff1bd4e76191adc11b0a
-
SHA1
d1fb64af325b0cfaa165869d8fcafea672849fd3
-
SHA256
e6b8e3e3afe5b8a273176c7538102f7a6e7bdb72879393e9b398220b075afc25
-
SHA512
914de2b160d607dfb87c19e52006c4c3724f8d96f7a7ae7d31d1219539745fc73a77e2484cc23459f33b16ee16f8356356380f759988e15dddbe5fd707b905d8
-
SSDEEP
6144:/pW2bgbbV28okoS1oWMkdlZQ5iinNrv26FYLIcw/3Scg1IReqYKztp0YcAvq:/pW2IoioS6p8IReqYKztp0YTvq
Static task
static1
Behavioral task
behavioral1
Sample
e6b8e3e3afe5b8a273176c7538102f7a6e7bdb72879393e9b398220b075afc25.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
e6b8e3e3afe5b8a273176c7538102f7a6e7bdb72879393e9b398220b075afc25.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Modifies system executable filetype association
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Event Triggered Execution (1)
Change Default File Association (1)