General
Target: 34594608a34303c900bc8ee61fd4f6a8.exe
Size: 2.4MB
Sample: 210117-39nmj1dxe2
MD5: 34594608a34303c900bc8ee61fd4f6a8
SHA1: 7ba01079bff6467a7138621be2e905f9b99a7b00
SHA256: c589c3ffe9498e350a71024049e786772704a42873de61a966779d7794214183
SHA512: 41035b5c91f7445c1bd452f80db4c5f8b4f7cf0b0ff64ad04618d7ff035fa7709b91d32720e288731fcee3150e3aa389d1ed168653bedcb1034470dad3c8dead
Static task: static1
Behavioral task: behavioral1
Sample: 34594608a34303c900bc8ee61fd4f6a8.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 34594608a34303c900bc8ee61fd4f6a8.exe
Resource: win10v20201028
Malware Config
Targets
Target: 34594608a34303c900bc8ee61fd4f6a8.exe
Score: 10/10
Modifies WinLogon for persistence
Drops startup file
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext