General
Target
5a79eba3f9e0e2ab3982c4512195f3f9e4b7b7f56b8993cfff69dfb47567bbe5
Size
3.1MB
Sample
201109-z1xyhg6ccn
MD5
51c65f4486f9c76e90e3cde6a29f552d
SHA1
cef1e7f6317a2f49836b9012c6396a7765516b6d
SHA256
5a79eba3f9e0e2ab3982c4512195f3f9e4b7b7f56b8993cfff69dfb47567bbe5
SHA512
49b3336b62a41facafa6aa37bffa1f467bab8ff5effc4eede9966baa7fcfba613a2b51f979d9fce324324fa76f8d664fde83cf609996e9436f9b4c0d0a28a824
Static task
static1
Behavioral task
behavioral1
Sample
5a79eba3f9e0e2ab3982c4512195f3f9e4b7b7f56b8993cfff69dfb47567bbe5.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
5a79eba3f9e0e2ab3982c4512195f3f9e4b7b7f56b8993cfff69dfb47567bbe5.exe
Resource
win10v20201028
Malware Config
Targets
Target
5a79eba3f9e0e2ab3982c4512195f3f9e4b7b7f56b8993cfff69dfb47567bbe5
Score
9/10
Grants admin privileges
Uses net.exe to modify the user's privileges.
Modifies RDP port number used by Windows
Possible privilege escalation attempt
Sets DLL path for service in the registry
Loads dropped DLL
Modifies file permissions
Drops file in System32 directory
Modifies service