General

  • Target

    7bf69188ae195642b23a8903128726200413395d607643f85fd8921ada3919e0.exe

  • Size

    9.4MB

  • Sample

    241114-abc3kasajr

  • MD5

    fb9c9db7c6587c9f13a89b05dcee02e6

  • SHA1

    7ec8e1aa1e0f94293a74fdb7383c6a8e23bfd11e

  • SHA256

    7bf69188ae195642b23a8903128726200413395d607643f85fd8921ada3919e0

  • SHA512

    0bc5f24a143615c68330887b85ba1fd022ed6fae49ee79b1aae1e1c017394d3c6fd040f245064a128ed57d9407e38c6a711d12b0c1b57fbb3745fe1426514f86

  • SSDEEP

    6144:tSK/ymZ3ctTWQHf5ctj8jRi2WGKMSVT86JQPDHDdx/QtqpS:ue0TlHf55RShPJQPDHvdM

Malware Config

Targets

    • Target

      7bf69188ae195642b23a8903128726200413395d607643f85fd8921ada3919e0.exe

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks