General
Target: 871093a0f144cdc4e6f47058f824db4bb6c3f06493c64465e8717488fcb6fd90
Size: 196KB
Sample: 201108-kl7vne2d9a
MD5: 251ad7dc90aec410a4e7b083817948c0
SHA1: 3db3a0ec625496cd4ef710d86e69054d89a0b8e4
SHA256: 871093a0f144cdc4e6f47058f824db4bb6c3f06493c64465e8717488fcb6fd90
SHA512: d7d46a90770591f482d7d44c42f6a5246cf3655f6b5b34d0b249e5cecafbb3e275923cc899bd4c5c641fa2e6fbd223d85b718ca834fc66df4182010031234c2b
Static task: static1
Behavioral task: behavioral1
Sample: 871093a0f144cdc4e6f47058f824db4bb6c3f06493c64465e8717488fcb6fd90.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 871093a0f144cdc4e6f47058f824db4bb6c3f06493c64465e8717488fcb6fd90.exe
Resource: win10v20201028
Malware Config
Extracted from: \??\c:\_R_E_A_D___T_H_I_S___55XF_.txt
cerber
http://xpcx6erilkjced3j.onion/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.tor2web.org/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion.link/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion.nu/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion.cab/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion.to/2B23-756C-A3CF-0006-48CB
Extracted from: C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___5870WTA_.hta
http://xpcx6erilkjced3j.tor2web.org/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion.link/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion.nu/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion.cab/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion.to/2B23-756C-A3CF-0006-48CB
http://xpcx6erilkjced3j.onion/2B23-756C-A3CF-0006-48CB
https://www.baidu.com
Extracted from: \??\c:\_R_E_A_D___T_H_I_S___L61W76T_.txt
cerber
http://xpcx6erilkjced3j.onion/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.tor2web.org/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion.link/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion.nu/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion.cab/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion.to/C084-6D5E-9709-0006-4955
Extracted from: C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___GJJMBYWB_.hta
http://xpcx6erilkjced3j.tor2web.org/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion.link/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion.nu/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion.cab/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion.to/C084-6D5E-9709-0006-4955
http://xpcx6erilkjced3j.onion/C084-6D5E-9709-0006-4955
https://www.baidu.com
Targets
Target: 871093a0f144cdc4e6f47058f824db4bb6c3f06493c64465e8717488fcb6fd90
Size: 196KB
MD5: 251ad7dc90aec410a4e7b083817948c0
SHA1: 3db3a0ec625496cd4ef710d86e69054d89a0b8e4
SHA256: 871093a0f144cdc4e6f47058f824db4bb6c3f06493c64465e8717488fcb6fd90
SHA512: d7d46a90770591f482d7d44c42f6a5246cf3655f6b5b34d0b249e5cecafbb3e275923cc899bd4c5c641fa2e6fbd223d85b718ca834fc66df4182010031234c2b
Score: 10/10
- Blacklisted process makes network request
- Modifies Windows Firewall
- Deletes itself
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Modifies service
- Sets desktop wallpaper using registry