General
-
Target
MovieDuels.x86.exe
-
Size
830KB
-
Sample
250330-zx7lqsxsaz
-
MD5
e0f676512de7503cf559cb1e5212e7e7
-
SHA1
6a19ca3de64e3d3e16d160d9b3f10a9019302660
-
SHA256
2b6d4cefa77ae47c33bbad9dba1dbce9f83a83ed31a0fc5039d24b2c649a7dca
-
SHA512
b31185e3a5af2421382d56b82c7329c092a5287005be3667638acb7c2ccaabe5a89c10695ccac97406e72bc1d52ac6865e9b0a84437875d8abe35f65d5fb60fa
-
SSDEEP
24576:hHKxoUWVvBO9Pw0JivckQxgiKZj3z4wBpdwV9RNdJB5nS3T4+LX:hqxnivmAj3z4wBpiSTRz
Malware Config
Targets
-
-
Target
MovieDuels.x86.exe
-
Size
830KB
-
MD5
e0f676512de7503cf559cb1e5212e7e7
-
SHA1
6a19ca3de64e3d3e16d160d9b3f10a9019302660
-
SHA256
2b6d4cefa77ae47c33bbad9dba1dbce9f83a83ed31a0fc5039d24b2c649a7dca
-
SHA512
b31185e3a5af2421382d56b82c7329c092a5287005be3667638acb7c2ccaabe5a89c10695ccac97406e72bc1d52ac6865e9b0a84437875d8abe35f65d5fb60fa
-
SSDEEP
24576:hHKxoUWVvBO9Pw0JivckQxgiKZj3z4wBpdwV9RNdJB5nS3T4+LX:hqxnivmAj3z4wBpiSTRz
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Event Triggered Execution: Image File Execution Options Injection
-
Modifies system executable filetype association
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4