General
-
Target
81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e
-
Size
3.8MB
-
Sample
201111-dl4mx95j8a
-
MD5
54e25f490523f83e9af9b60ab197a3a7
-
SHA1
e698efcdc53a64ed9df1b2776887e4dbc8a3bf29
-
SHA256
81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e
-
SHA512
778a41cb762f2a6d1564d18545b589836ba46d10dc727bb19fd7e3c5f9b50cf0d8fc587cab6e509bc07258d094c9d7624f4938285dfb4bf7dcacef613cb254a9
Static task
static1
Behavioral task
behavioral1
Sample
81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e.exe
Resource
win10v20201028
Malware Config
Targets
Target
81d0dff89b17ba82da236f32f72ff13afe6d61530ec46e71a37a73793850815e
Score
9/10
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Deletes itself
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-