General
-
Target
6e9e7e6942a4ce7a7a3023cf3f744f7aa2dbed97a2493bc2bb2873be27a8f3fc
-
Size
3.8MB
-
Sample
201112-ncbgs7nxs6
-
MD5
d050bf835cb8a5267754e565cfb75a3a
-
SHA1
c295f051e7e06717326b4bb98bce41d0ef8b4f5d
-
SHA256
6e9e7e6942a4ce7a7a3023cf3f744f7aa2dbed97a2493bc2bb2873be27a8f3fc
-
SHA512
fe1e2dd16b759223dd271597d10c987ba8a3f42966db96948ece963f769d381ef6874fe5597d3d7a7e3799760db9909d5025765ca6cf488cae9e06908c960fd9
Malware Config
Targets
-
-
Target
6e9e7e6942a4ce7a7a3023cf3f744f7aa2dbed97a2493bc2bb2873be27a8f3fc
-
Size
3.8MB
-
MD5
d050bf835cb8a5267754e565cfb75a3a
-
SHA1
c295f051e7e06717326b4bb98bce41d0ef8b4f5d
-
SHA256
6e9e7e6942a4ce7a7a3023cf3f744f7aa2dbed97a2493bc2bb2873be27a8f3fc
-
SHA512
fe1e2dd16b759223dd271597d10c987ba8a3f42966db96948ece963f769d381ef6874fe5597d3d7a7e3799760db9909d5025765ca6cf488cae9e06908c960fd9
Score9/10-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Deletes itself
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-