General
-
Target
Psc Gen 2.9 ViP Private.bin
-
Size
141KB
-
Sample
210215-3y5q5fjzc6
-
MD5
094f263b6822d0188bc6a8b615ff5072
-
SHA1
accf72fb4a0a8ffe0949ff5671c6fb08ebf22be7
-
SHA256
9ad63be89938c8fc3a1bd9aa99d02b524e90b6927eeb7cbcfe8a0c59e5431a01
-
SHA512
7474ac562358176ac23640ff93c11b1bf3cb7f2b2c96b3837c150446ec2cd4f00d828fdfdab1f92ab271993ae82b1d5adaf9af7f272fa0d71598e34bd2d70b6f
Static task
static1
Behavioral task
behavioral1
Sample
Psc Gen 2.9 ViP Private.bin.exe
Resource
win10v20201028
Behavioral task
behavioral2
Sample
Psc Gen 2.9 ViP Private.bin.exe
Resource
win10v20201028
Behavioral task
behavioral3
Sample
Psc Gen 2.9 ViP Private.bin.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
Psc Gen 2.9 ViP Private.bin
Score 10/10
-
Modifies WinLogon for persistence
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Disables Task Manager via registry modification
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-