General
-
Target
09fd827d8b404557a5c9e06810247c12
-
Size
3.4MB
-
Sample
201117-mxwyja6k66
-
MD5
afb57d5d065aaa204e8a5c6803bab72b
-
SHA1
5cd785582bba69f740a8943c02123e683a541b3b
-
SHA256
3126cbdac814b04d544ff02e968d2143b231bb6d981ff8bf1812f6314cca187e
-
SHA512
40bfdc844abc2f49e810ac63e6e6b739aa656830d3833292dd1b43456a8452aa7181d675e28e4f4bf0f920009e35b0d631ec39a25968f12b7335528c41181f98
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
-
-
Target
09fd827d8b404557a5c9e06810247c12
-
Size
3.4MB
-
MD5
afb57d5d065aaa204e8a5c6803bab72b
-
SHA1
5cd785582bba69f740a8943c02123e683a541b3b
-
SHA256
3126cbdac814b04d544ff02e968d2143b231bb6d981ff8bf1812f6314cca187e
-
SHA512
40bfdc844abc2f49e810ac63e6e6b739aa656830d3833292dd1b43456a8452aa7181d675e28e4f4bf0f920009e35b0d631ec39a25968f12b7335528c41181f98
Score10/10-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blacklisted process makes network request
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-