General
Target: 5d60845c75247f0a0350edb76e70431dc3cee90841231b079524dc5a2886bc4a
Size: 3.4MB
Sample: 201106-ba1ptba58e
MD5: cb15ff552cc7a8f69df60d2d68c8c54d
SHA1: e9780d261ca4b8fbe3a2ca0cfaa587c6c642a8c8
SHA256: 5d60845c75247f0a0350edb76e70431dc3cee90841231b079524dc5a2886bc4a
SHA512: d9689e28c8558390f76119fb6a1449b48e0bcae5fae49a495c8cd3f9accc0eedd9d8a9d853977faee45ac82fcfbaa76e183876ca11841fa659bbe4dd625bacba
Static task: static1
Behavioral task: behavioral1
  Sample: 5d60845c75247f0a0350edb76e70431dc3cee90841231b079524dc5a2886bc4a.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 5d60845c75247f0a0350edb76e70431dc3cee90841231b079524dc5a2886bc4a.exe
  Resource: win10v20201028
Malware Config
Extracted URL: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
Target: 5d60845c75247f0a0350edb76e70431dc3cee90841231b079524dc5a2886bc4a
Size: 3.4MB
MD5: cb15ff552cc7a8f69df60d2d68c8c54d
SHA1: e9780d261ca4b8fbe3a2ca0cfaa587c6c642a8c8
SHA256: 5d60845c75247f0a0350edb76e70431dc3cee90841231b079524dc5a2886bc4a
SHA512: d9689e28c8558390f76119fb6a1449b48e0bcae5fae49a495c8cd3f9accc0eedd9d8a9d853977faee45ac82fcfbaa76e183876ca11841fa659bbe4dd625bacba
Score: 10/10
Signatures:
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Blacklisted process makes network request
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Modifies service
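The signature names above describe behaviours, not the concrete commands or registry keys the sample used. As an added example (not part of the sandbox report, and not derived from this sample's actual telemetry), the script below shows how a detection engineer would turn several of those behaviours into rules over Sysmon-style process-creation and registry-value-set events: the `net localgroup administrators ... /add` pattern behind "Grants admin privileges", the RDP-Tcp `PortNumber` value, a service's `Parameters\ServiceDll` value, `sc config`/`sc create`, `icacls`/`cacls`/`takeown`, and a child shell that deletes its parent binary. All event contents, service names and paths are constructed placeholders; the rule names reuse the report's signature labels so the output lines up with the list above.

```python
"""Tag Sysmon-style telemetry with the behaviours listed in the report above.

Added example, not part of the sandbox report: the events below are
constructed to exercise the rules and are not the sample's actual command
lines, registry keys or file paths.
"""
import re

# Signature name -> compiled pattern over the process command line.
# Case-insensitive because Windows commands and paths are.
PROCESS_RULES = {
    "Grants admin privileges":
        re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\b.*\s/add\b", re.I),
    "Modifies service":
        re.compile(r"\bsc(\.exe)?\s+(config|create|failure)\b", re.I),
    "Modifies file permissions":
        re.compile(r"\b(icacls|cacls|takeown)(\.exe)?\b", re.I),
}
# Signature name -> compiled pattern over the registry TargetObject path.
REGISTRY_RULES = {
    "Modifies RDP port number used by Windows":
        re.compile(r"\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\PortNumber$", re.I),
    "Sets DLL path for service in the registry":
        re.compile(r"\\Services\\[^\\]+\\Parameters\\ServiceDll$", re.I),
}
_DELETE = re.compile(r"\b(del|erase)\b", re.I)


def tag_event(ev):
    """Return the signature names a single event matches (possibly none)."""
    hits = []
    if ev["type"] == "process":
        cmd = ev.get("CommandLine", "")
        for name, pat in PROCESS_RULES.items():
            if pat.search(cmd):
                hits.append(name)
        # Self-deletion: a child shell whose command line deletes the parent's image.
        parent = ev.get("ParentImage", "")
        if parent and _DELETE.search(cmd) and parent.lower() in cmd.lower():
            hits.append("Deletes itself")
    elif ev["type"] == "registry":
        target = ev.get("TargetObject", "")
        for name, pat in REGISTRY_RULES.items():
            if pat.search(target):
                hits.append(name)
    return hits


def summarize(events):
    """Map each triggered signature to the evidence strings that fired it."""
    findings = {}
    for ev in events:
        evidence = ev.get("CommandLine") or ev.get("TargetObject") or "<no detail>"
        for name in tag_event(ev):
            findings.setdefault(name, []).append(evidence)
    return findings


# Constructed Sysmon-like events (process create / registry value set).
# "sample.exe", "ExampleSvc" and "example.dll" are placeholders, not from the report.
SAMPLE_EVENTS = [
    {"type": "process", "Image": r"C:\Windows\System32\net.exe",
     "ParentImage": r"C:\Users\user\sample.exe",
     "CommandLine": "net localgroup administrators user /add"},
    {"type": "process", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\user\sample.exe",
     "CommandLine": r'cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\user\sample.exe"'},
    {"type": "registry", "Image": r"C:\Users\user\sample.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber"},
    {"type": "registry", "Image": r"C:\Users\user\sample.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters\ServiceDll"},
    {"type": "process", "Image": r"C:\Windows\System32\sc.exe",
     "ParentImage": r"C:\Users\user\sample.exe",
     "CommandLine": "sc config ExampleSvc start= auto"},
    {"type": "process", "Image": r"C:\Windows\System32\icacls.exe",
     "ParentImage": r"C:\Users\user\sample.exe",
     "CommandLine": r'icacls "C:\Windows\System32\example.dll" /grant Everyone:F'},
    # Benign control event: must match nothing.
    {"type": "process", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for name, evidence in summarize(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("    " + line)
```

The "Possible privilege escalation attempt", "Loads dropped DLL" and "Drops file in System32 directory" signatures need file-write and image-load events that this example does not model; the net.exe rule deliberately also matches net1.exe, which net.exe hands off to and which appears in the telemetry as the actual child process.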