General

  • Target

    Suspxct.exe

  • Size

    3.8MB

  • Sample

    241111-tms3ps1fqd

  • MD5

    bb9e693d2df3edaeceb9d8b6cb2fa1df

  • SHA1

    0a66c6bca9c11cd5375e7c54897ffc36baab5c27

  • SHA256

    201f5728c8000bfa84fea795c6acbba4d216bb2d75d8e239b10f19efc50b8b90

  • SHA512

    a7ab242494e1ccb857656870cc2c44911f2f679b14ad3cccbae4d402f0253c0472ffd9b9c2172aa87d8368c6257563042ca9142002e5bc42d8b58e74f7feba79

  • SSDEEP

    98304:sQWQ43Ym5daZdjObRfkqXf0F9+KH4kpc+DX/0H:sQWQ43YmOZdukSIEKYOD

Malware Config

Targets

    • Target

      Suspxct.exe

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Disables taskbar notifications via registry modification

    • Downloads MZ/PE file

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Modifies file permissions

    • Checks whether UAC is enabled

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks