General

  • Target: 93c55deeee3cd963b82fea8d32b0848f35bb4679921045b07f8116c21c6634b7

  • Size: 704KB

  • Sample: 241121-b18q7sxcne

  • MD5: 906593a62b364af3cbebf6d28d595531

  • SHA1: 97f124e6394796b8020e5162b04cafcc6ebdf11a

  • SHA256: 93c55deeee3cd963b82fea8d32b0848f35bb4679921045b07f8116c21c6634b7

  • SHA512: cb419c171cdeb5f034e35f7337dee26718b47c6cc55b167e4da79210f34cfa28e843b5a65a5260d9ce96a5a1688d8fdf2d57f4c44d56a8d667ea46ba9b451bd2

  • SSDEEP: 12288:mXgvmzFHi0mo5aH0qMzd5807FIjPJQPDHvd:mXgvOHi0mGaH0qSdPFIl4V

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Hijack Execution Flow: Executable Installer File Permissions Weakness

      Possibly turns off User Account Control's privilege elevation for standard users.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks