Resubmissions
30/05/2025, 22:49
250530-2r2jmsz1hw 730/05/2025, 22:47
250530-2qlrssynv3 830/05/2025, 22:44
250530-2n7lgsynt3 730/05/2025, 22:31
250530-2fgebsbp8y 730/05/2025, 22:24
250530-2bttvsyly5 1030/05/2025, 22:21
250530-191vdsdj3w 1030/05/2025, 22:11
250530-14c65sykz4 830/05/2025, 22:06
250530-1z3k8sykw3 1030/05/2025, 21:55
250530-1sqyvszxev 10General
-
Target
-
Size
246KB
-
Sample
250530-1z3k8sykw3
-
MD5
9254ca1da9ff8ad492ca5fa06ca181c6
-
SHA1
70fa62e6232eae52467d29cf1c1dacb8a7aeab90
-
SHA256
30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6
-
SHA512
a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a
-
SSDEEP
6144:/85Z+Y97t0Kc0Nd5bHzvvj/R87Z3BxonZ:/8vd2KxNPjs3gZ
Malware Config
Targets
-
-
Target
-
Size
246KB
-
MD5
9254ca1da9ff8ad492ca5fa06ca181c6
-
SHA1
70fa62e6232eae52467d29cf1c1dacb8a7aeab90
-
SHA256
30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6
-
SHA512
a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a
-
SSDEEP
6144:/85Z+Y97t0Kc0Nd5bHzvvj/R87Z3BxonZ:/8vd2KxNPjs3gZ
-
UAC bypass
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
2Modify Registry
4