General
- Target: 8f7dbcfa8bad037d11b43554acc4d273413a2aad3d0d0f18b0ef44ed353d6f0d
- Size: 3.5MB
- Sample: 201106-t4b4q7nmmn
- MD5: 62e859cf533b93d38a05a2490b65fdf4
- SHA1: 85098ce68d91cd54795beca743c7de06b546997c
- SHA256: 8f7dbcfa8bad037d11b43554acc4d273413a2aad3d0d0f18b0ef44ed353d6f0d
- SHA512: 3b90b0d2bc04c21be9b5330d5fccea3708b699c3fa054c90acf89e363ea8f97def8d2cb3ee938139596293e58ef727d27cda3add8c46caf8eddcd8b75494c479
Static task
- static1
Behavioral task
- behavioral1 (Sample: 8f7dbcfa8bad037d11b43554acc4d273413a2aad3d0d0f18b0ef44ed353d6f0d.exe; Resource: win7v20201028)
Behavioral task
- behavioral2 (Sample: 8f7dbcfa8bad037d11b43554acc4d273413a2aad3d0d0f18b0ef44ed353d6f0d.exe; Resource: win10v20201028)
Malware Config
- Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
- Target: 8f7dbcfa8bad037d11b43554acc4d273413a2aad3d0d0f18b0ef44ed353d6f0d
- Size: 3.5MB
Score: 10/10
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Blacklisted process makes network request
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Modifies service