General

  • Target

    d7455594c0ced8e888154a84944219cbc6f0824e46450b69bb8413616dd07d45

  • Size

    3.1MB

  • Sample

    201108-kdpadzywts

  • MD5

    c9cc3da6e84aedbd74218e5edea5d039

  • SHA1

    f7b3f452245571dfe0906f417cf1cf1097d5cc44

  • SHA256

    d7455594c0ced8e888154a84944219cbc6f0824e46450b69bb8413616dd07d45

  • SHA512

    fb33da351c2f8e68dfcf32f373f2894ef1fd7ad523aa85426231eaf5412d63a47a12ef078f3e56e124676d787f6d71139cec377fa60c7ba7ce255f5d4b18f7fe

Malware Config

Targets

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies RDP port number used by Windows

    • Possible privilege escalation attempt

    • Sets DLL path for service in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory

    • Modifies service

MITRE ATT&CK Matrix (ATT&CK v6)

The technique IDs below are ATT&CK v6 IDs; later ATT&CK versions retired T1060, T1031 and T1076 in favour of sub-techniques, so map them before comparing with newer reports. The number in brackets is how many of the signatures above map to the technique.

Persistence

  • Account Manipulation: T1098 (1 signature)
  • Registry Run Keys / Startup Folder: T1060 (1 signature)
  • Modify Existing Service: T1031 (1 signature)

Defense Evasion

  • Modify Registry: T1112 (3 signatures)
  • File Permissions Modification: T1222 (1 signature)

Lateral Movement

  • Remote Desktop Protocol: T1076 (1 signature)
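
To show how behaviours like the ones listed for this sample turn into signature hits and a per-technique tally, here is an added example that is not code from the sandbox that produced this report. It runs simple rules over constructed process, registry and file events (the event format, process names, service name and command lines are made up for illustration and are not the sample's real telemetry) and emits the report's signature names together with ATT&CK v6 IDs from the matrix above. The signature-to-technique mapping in RULES is this example's assumption about how the matrix was derived, not the sandbox's own mapping; with it, the tallies come out as the matrix shows.

```python
"""Map sandbox behaviours to signature names and ATT&CK v6 techniques.

Added example, not code from the sandbox that produced this report. The
events, process names and command lines below are constructed for
illustration and are not the sample's real telemetry; the signature-to-
technique mapping in RULES is this example's assumption, not the
sandbox's own mapping.
"""
import re
from typing import Callable, Dict, List, Tuple

# Constructed events: (kind, acting process, command line / registry value / file path)
EVENTS = [
    ("process", "cmd.exe", r"net.exe localgroup administrators backup /add"),
    ("registry_set", "svc_host.exe",
     r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber"),
    ("registry_set", "svc_host.exe",
     r"HKLM\SYSTEM\CurrentControlSet\Services\UpdateSvc\Parameters\ServiceDll"),
    ("registry_set", "svc_host.exe",
     r"HKLM\SYSTEM\CurrentControlSet\Services\UpdateSvc\ImagePath"),
    ("registry_set", "svc_host.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("process", "cmd.exe", r"icacls.exe C:\Windows\System32\drivers\x.sys /grant Everyone:F"),
    ("file_write", "svc_host.exe", r"C:\Windows\System32\drivers\x.sys"),
    ("process", "explorer.exe", r"notepad.exe readme.txt"),        # benign, matches nothing
]

Matcher = Callable[[str, str, str], bool]


def _on(kind: str, pattern: str) -> Matcher:
    """Build a matcher for events of one kind whose detail matches pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda k, _actor, detail: k == kind and rx.search(detail) is not None


# (signature name as shown in the report, assumed ATT&CK v6 IDs, matcher).
# Only "Sets DLL path for service" is counted under T1031 so that the
# per-technique tallies match the matrix (T1112 x3, everything else x1).
RULES: List[Tuple[str, List[str], Matcher]] = [
    ("Grants admin privileges", ["T1098"],
     _on("process", r"\bnet1?(\.exe)?\s+(localgroup|user)\b.*\s/add\b")),
    ("Modifies RDP port number used by Windows", ["T1112", "T1076"],
     _on("registry_set", r"\\Terminal Server\\WinStations\\[^\\]+\\PortNumber$")),
    ("Sets DLL path for service in the registry", ["T1031", "T1112"],
     _on("registry_set", r"\\Services\\[^\\]+\\Parameters\\ServiceDll$")),
    ("Modifies service", ["T1112"],
     _on("registry_set", r"\\Services\\[^\\]+\\(ImagePath|Start|Type)$")),
    ("Registry Run Keys / Startup Folder", ["T1060"],
     _on("registry_set", r"\\CurrentVersion\\Run\\")),
    ("Modifies file permissions", ["T1222"],
     _on("process", r"\b(icacls|cacls|takeown)(\.exe)?\b")),
    ("Drops file in System32 directory", [],          # no technique in the matrix above
     _on("file_write", r"^[A-Z]:\\Windows\\System32\\")),
]


def classify(events) -> List[Tuple[str, str, List[str]]]:
    """Return one (signature, matched detail, technique IDs) hit per rule match."""
    hits = []
    for kind, actor, detail in events:
        for name, techniques, match in RULES:
            if match(kind, actor, detail):
                hits.append((name, detail, techniques))
    return hits


def technique_tally(hits) -> Dict[str, int]:
    """Count distinct signatures per technique, which is what the matrix shows."""
    per_technique: Dict[str, set] = {}
    for name, _detail, techniques in hits:
        for tid in techniques:
            per_technique.setdefault(tid, set()).add(name)
    return {tid: len(names) for tid, names in sorted(per_technique.items())}


if __name__ == "__main__":
    hits = classify(EVENTS)
    for name, detail, techniques in hits:
        print(f"{name:42s} {','.join(techniques) or '-':12s} {detail}")
    print(technique_tally(hits))
```

The RDP rule keys on the PortNumber value under Terminal Server\WinStations, which is where Windows reads the listening port from; a change there is a defender's cue to check whether the host now accepts RDP on a non-standard port that firewall rules do not cover.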
