General
-
Target
7b347a9267ef967f20817b4ef13026bc3ebcf07a2eecd5bc67c7dfdad0d62860
-
Size
3.8MB
-
Sample
201109-9n72651s6x
-
MD5
00ae90dd7e86dc9f42dd6df84652122d
-
SHA1
ce09069c7a20d4ac0ce4169a27eab84d3d0e5fdf
-
SHA256
7b347a9267ef967f20817b4ef13026bc3ebcf07a2eecd5bc67c7dfdad0d62860
-
SHA512
835808a455f963ffb37bb7d3fabdf7f52f0435b1a4f2e4600148024c25657f4ab579f44c444239d118183365eb8e73820c52fabbf8cb4f49b9372f62633fdee5
Malware Config
Targets
-
-
Target
7b347a9267ef967f20817b4ef13026bc3ebcf07a2eecd5bc67c7dfdad0d62860
-
Size
3.8MB
-
MD5
00ae90dd7e86dc9f42dd6df84652122d
-
SHA1
ce09069c7a20d4ac0ce4169a27eab84d3d0e5fdf
-
SHA256
7b347a9267ef967f20817b4ef13026bc3ebcf07a2eecd5bc67c7dfdad0d62860
-
SHA512
835808a455f963ffb37bb7d3fabdf7f52f0435b1a4f2e4600148024c25657f4ab579f44c444239d118183365eb8e73820c52fabbf8cb4f49b9372f62633fdee5
Score9/10-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Deletes itself
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-