General
- Target: eee9090fedb6cf32b1729db9cafb6b7995f45d7e417029e124b7960f06d194f2
- Size: 3.5MB
- Sample: 201109-338daxsbj2
- MD5: 551466c49c45b71ee7b4d5a4fc0a800e
- SHA1: be312273c1db869c5f23cc9ba24b31b66824a809
- SHA256: eee9090fedb6cf32b1729db9cafb6b7995f45d7e417029e124b7960f06d194f2
- SHA512: 1f4de516895870a74444b560df538259137900d73b78970926d7bebd0e759976630273e21c8cd6921aec85d614d6d305071cccf5c217762665e5e91d24694e4a
Static task
- static1

Behavioral task
- behavioral1
  - Sample: eee9090fedb6cf32b1729db9cafb6b7995f45d7e417029e124b7960f06d194f2.exe
  - Resource: win7v20201028

Behavioral task
- behavioral2
  - Sample: eee9090fedb6cf32b1729db9cafb6b7995f45d7e417029e124b7960f06d194f2.exe
  - Resource: win10v20201028

Malware Config
- Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
- Target: eee9090fedb6cf32b1729db9cafb6b7995f45d7e417029e124b7960f06d194f2
- Size: 3.5MB
Score: 10/10

Signatures
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Blacklisted process makes network request
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Modifies service