General
Target: Virus-Collection
Size: 248KB
Sample: 250125-hwpabssrfk
MD5: 575e3a2c7acb8eabfb978d65d2af70f2
SHA1: abf5c25811edf1d57ab2518bf3c1b552107a426e
SHA256: ec85d68b225b578f50e6916d89c6c09c269c9cc61a75ab92d777895027a9ffc6
SHA512: 89380487c7fa90aa81c8f9f55ab53216a6d3fd16beb9dd04e2819f1db71b1c4d78578c9c510988c80204e599e7777c3f6da79c464131d4a95a4117543b854b8b
SSDEEP: 6144:frN5mpOL/saqkPV9FH2LtcIDSsmwIx99vZJT3CqbMrhryf65NRPaCieMjAkvCJvI:jN5mpOL/saqkPV9FH2LtcIDSsmwIx99L

Static task: static1
Behavioral task: behavioral1
Sample: Virus-Collection
Resource: win11-20241023-en
Malware Config
Targets
Target: Virus-Collection (248KB; same hashes as listed under General)
Score: 10/10
- UAC bypass
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (2)
- Subvert Trust Controls (1): SIP and Trust Provider Hijacking (1)