General
-
Target
1ac9d42a596c55757b4f37e6291887149a6070bfedb4e27a86cf3cff4d76f2a2
-
Size
3.4MB
-
Sample
201108-lkl19j57c6
-
MD5
af944f00c218cc525ef7e56f5d634cdf
-
SHA1
532a7870f610b86ef3c1eb3f10b60a9da6152bcb
-
SHA256
1ac9d42a596c55757b4f37e6291887149a6070bfedb4e27a86cf3cff4d76f2a2
-
SHA512
62b68e3651ae7a0222bc3a16442994b9c6d6505965e7b081bac168659b6eb97bbbb0cc5db260e65f4185017de62a5dc16c37347e447467db75ae062022533014
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
-
-
Target
1ac9d42a596c55757b4f37e6291887149a6070bfedb4e27a86cf3cff4d76f2a2
-
Size
3.4MB
-
MD5
af944f00c218cc525ef7e56f5d634cdf
-
SHA1
532a7870f610b86ef3c1eb3f10b60a9da6152bcb
-
SHA256
1ac9d42a596c55757b4f37e6291887149a6070bfedb4e27a86cf3cff4d76f2a2
-
SHA512
62b68e3651ae7a0222bc3a16442994b9c6d6505965e7b081bac168659b6eb97bbbb0cc5db260e65f4185017de62a5dc16c37347e447467db75ae062022533014
Score10/10-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blacklisted process makes network request
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-