General
- Target: f3de66806147c1f89b5c667f35ce8998e93bfa7911f20583492b2700d8e4f342
- Size: 3.4MB
- Sample: 201111-jqfbglxgks
- MD5: 09fd827d8b404557a5c9e06810247c12
- SHA1: 592cec34a644689ea9337a1da194707f795adc14
- SHA256: f3de66806147c1f89b5c667f35ce8998e93bfa7911f20583492b2700d8e4f342
- SHA512: 6808ccdda230ad235cd6322c264c834783febd71a6f658f7d81df30c1689bf10c0b305978f65d1c4c572d0afce2b811b32494ed3f3f476e97ffc923c5c18060a
Static task
- static1

Behavioral task
- behavioral1
- Sample: f3de66806147c1f89b5c667f35ce8998e93bfa7911f20583492b2700d8e4f342.exe
- Resource: win7v20201028

Behavioral task
- behavioral2
- Sample: f3de66806147c1f89b5c667f35ce8998e93bfa7911f20583492b2700d8e4f342.exe
- Resource: win10v20201028
Malware Config
- Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
- Target: f3de66806147c1f89b5c667f35ce8998e93bfa7911f20583492b2700d8e4f342
- Size: 3.4MB
- MD5: 09fd827d8b404557a5c9e06810247c12
- SHA1: 592cec34a644689ea9337a1da194707f795adc14
- SHA256: f3de66806147c1f89b5c667f35ce8998e93bfa7911f20583492b2700d8e4f342
- SHA512: 6808ccdda230ad235cd6322c264c834783febd71a6f658f7d81df30c1689bf10c0b305978f65d1c4c572d0afce2b811b32494ed3f3f476e97ffc923c5c18060a
- Score: 10/10

- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Blacklisted process makes network request
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Modifies service