General
Target: 261603776412fc9028feb04ba71a42c5d6bd99c0e4fbb4610d19e6d649dba700
Size: 3.5MB
Sample: 201113-917ysv92pn
MD5: 1b9749d2a3369e1f81423a8788c3f338
SHA1: aaa78b7cb195bc4a645b0b625daa41ffcd3bf353
SHA256: 261603776412fc9028feb04ba71a42c5d6bd99c0e4fbb4610d19e6d649dba700
SHA512: 645848aa7c1272b395294e90189988411c4dfa2cf30f1855f3a5180115a3b97ed04ac033dd182b1c2e9ee711b8b05fb09150916ecfa42b78beb7a672b73c6eaa
Static task: static1
Behavioral task: behavioral1
  Sample: 261603776412fc9028feb04ba71a42c5d6bd99c0e4fbb4610d19e6d649dba700.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 261603776412fc9028feb04ba71a42c5d6bd99c0e4fbb4610d19e6d649dba700.exe
  Resource: win10v20201028
Malware Config
Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
Target: 261603776412fc9028feb04ba71a42c5d6bd99c0e4fbb4610d19e6d649dba700
Score: 10/10
- Grants admin privileges (uses net.exe to modify the user's privileges)
- Blacklisted process makes network request
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Modifies service