General
Target: Skärmbild 2025-02-08 220846.jpg
Size: 17KB
Sample: 250519-yca7csyjx4
MD5: c47a8921574fcf34049e4da841caef15
SHA1: 08e937b0dc69b9cf8c1ddabec5cc6f121c38fb5c
SHA256: cf716d3a1115a428e22e715bf20f85c4ceafeb95bdf1013de20e4fef511e5b87
SHA512: d03dfd04e54961f5cab61f5ddc13c2bd60c3c998ed98afeb03230145024403d253839f7b16fb7be3b494caff483b27d467baad31457077feb0b65e424b4b13e6
SSDEEP: 384:k5GsY517nL78ScGK8jhQol8nlISgx7OHRSMw2HKRmK9c+l5p7q/SWyLFrmF:k5+1T8ScGrjhQRS7KLdKRmKVDpeyMF
Static task: static1

Behavioral task: behavioral1
Sample: Skärmbild 2025-02-08 220846.jpg
Resource: win10v2004-20250502-en

Behavioral task: behavioral2
Sample: Skärmbild 2025-02-08 220846.jpg
Resource: win11-20250502-en
Malware Config

Targets
Target: Skärmbild 2025-02-08 220846.jpg
Size: 17KB
Signatures:
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Modifies file permissions
- Modifies system executable filetype association
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Enumerates processes with tasklist
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v16

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Access Token Manipulation (1)
  - Create Process with Token (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Access Token Manipulation (1)
  - Create Process with Token (1)
- File and Directory Permissions Modification (1)
- Impair Defenses (2)
  - Disable or Modify Tools (2)
- Modify Registry (7)
- Pre-OS Boot (1)
  - Bootkit (1)