General

  • Target

    d95a38a7c3ba130e354926102de8f64986d8248ee095e5e410d6ee410d74e0bc

  • Size

    925KB

  • Sample

    191025-blt53ekjex

  • MD5

    10d9941b879f810364de4182ceecbea6

  • SHA1

    ae880a2b142ab04df614e67fa47fb020f95f1c58

  • SHA256

    d95a38a7c3ba130e354926102de8f64986d8248ee095e5e410d6ee410d74e0bc

  • SHA512

    6441370971e55a4d9bb83abee9d4f4ad595de26677c2fa9eafab886d467de3b0812744254deeca93b17cd726c57742c7da32245f3e23971239ee70b1749567c9

Score
10/10

Targets

    • Target

      d95a38a7c3ba130e354926102de8f64986d8248ee095e5e410d6ee410d74e0bc

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess
      The sample created a process with an explicit parent handle, so the child appears under a parent other than the sample itself (parent PID spoofing). Triage that trusts the recorded parent/child relationship will miss the link; the sandbox sees it at the API level.

    • Program crash
      A process belonging to the sample crashed during the run. Crashes often mean a packer or anti-analysis check misfired, so the behaviours below may be incomplete.

    • Windows security modification
      Registry settings that control Windows security features (for example Windows Defender) were changed.

    • Adds Run entry to start application
      Persistence through a value under ...\Software\Microsoft\Windows\CurrentVersion\Run, executed at logon.

    • Modifies system certificate store
      Writes into the SystemCertificates registry hive, typically to install a certificate the system will then trust.

    • Checks system information in the registry (likely anti-VM)
      Reads hardware/BIOS description keys that reveal hypervisor vendors. This is a registry read, so telemetry that records only writes (e.g. Sysmon registry events) will not show it.

    • Modifies service
      Changes under HKLM\SYSTEM\CurrentControlSet\Services (service start type or image path).
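The registry-side behaviours above (Run-key persistence, certificate-store writes, service changes, security-setting changes) are all visible as Sysmon Event ID 13 (RegistryEvent: value set) on a live host. The script below is an added example, not part of the sandbox report or its tooling: it parses constructed Sysmon-style log lines and flags each of those behaviour classes. The registry path patterns are assumptions chosen to illustrate where each behaviour typically lands; the anti-VM check is deliberately left out because it is a read and Sysmon does not record registry reads.

```python
"""Classify Sysmon Event ID 13 lines into the behaviour classes listed
in the sandbox report above.  Added example; the log lines are
constructed and the path patterns are illustrative assumptions."""
import re
from typing import Dict, List, Tuple

# Behaviour label -> case-insensitive regex over the Sysmon TargetObject.
# Assumed, illustrative prefixes; not an exhaustive rule set.
RULES: Dict[str, re.Pattern] = {
    "run_key_persistence": re.compile(
        r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I),
    "certificate_store_write": re.compile(
        r"\\SystemCertificates\\(Root|CA|AuthRoot|TrustedPublisher)\\Certificates\\", re.I),
    "service_modification": re.compile(
        r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\(Start|ImagePath|Type)$", re.I),
    "security_modification": re.compile(
        r"\\Microsoft\\Windows Defender\\(Real-Time Protection\\)?Disable\w+$", re.I),
}

# Key=Value pairs; values with spaces are double-quoted.
FIELD = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'Key=Value Key="quoted value"' log line into a dict."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
            for m in FIELD.finditer(line)}


def classify(target_object: str) -> List[str]:
    """Return the behaviour labels whose path pattern matches the key."""
    return [label for label, pat in RULES.items() if pat.search(target_object)]


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Run every Event ID 13 line through the rules.

    Returns (label, image, target_object) triples.  Other event IDs are
    skipped.  Registry *reads* (the report's anti-VM SystemBiosVersion
    style lookups) never appear as Event ID 13, so a host-side version of
    that signature needs API-level tracing rather than Sysmon.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":
            continue
        for label in classify(ev.get("TargetObject", "")):
            hits.append((label, ev.get("Image", "?"), ev["TargetObject"]))
    return hits


# Constructed sample log: one line per behaviour class from the report,
# one benign installer write, and one non-registry event.
SAMPLE_LOG = [
    'EventID=13 Image="C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe" '
    'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater" '
    'Details="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"',
    'EventID=13 Image="C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe" '
    'TargetObject="HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\Certificates\\ABCDEF0123456789\\Blob" '
    'Details="Binary Data"',
    # Setting the Defender service start type to 4 (disabled): both a
    # service modification and, in effect, a security modification.
    'EventID=13 Image="C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe" '
    'TargetObject="HKLM\\SYSTEM\\CurrentControlSet\\Services\\WinDefend\\Start" '
    'Details="DWORD (0x00000004)"',
    'EventID=13 Image="C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe" '
    'TargetObject="HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware" '
    'Details="DWORD (0x00000001)"',
    # Benign: an installer writing its own uninstall key; no rule should fire.
    'EventID=13 Image="C:\\Program Files\\Vendor\\setup.exe" '
    'TargetObject="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Vendor\\DisplayName" '
    'Details="Vendor App"',
    # Event ID 1 (process create) is not a registry event and is skipped.
    'EventID=1 Image="C:\\Windows\\System32\\cmd.exe" ParentImage="C:\\Windows\\explorer.exe"',
]


if __name__ == "__main__":
    for label, image, target in scan(SAMPLE_LOG):
        print(f"{label:24s} {image} -> {target}")
```

Running the script flags four of the six constructed lines, one per behaviour class, and leaves the installer's Uninstall key untouched. On a real host you would feed it exported Sysmon events and tighten the Image filter to the process tree rooted at the sample, remembering that parent PID spoofing (the first signature in the report) can detach children from that tree.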
