General
-
Target
XMLFC-NI_51NRSFBG3LMP4LA4Z0AF2P.zip
-
Size
126KB
-
Sample
210228-7c2m449h9j
-
MD5
9e6bf8bd15e66bcc07f4307d63b6ede5
-
SHA1
5c03f4f9db8c6401d9c26a827652eff5b2c9b09e
-
SHA256
131b3fd8b8c668a179d8caa542f259bd4af7c2f897a4f68ee6295ce659c9b80c
-
SHA512
1e480d2642a37a1ab2eef245fa7c874fa03dcf8a06ba27204bccc72f8c1162b1082ca51cbd6fc810e08481c8b99aa1c405b21a8f6dd9b6819bd05d5fa8333e22
Behavioral task
behavioral1
Sample
XMLFC-NI_51.msi
Resource
win7v20201028
Behavioral task
behavioral2
Sample
XMLFC-NI_51.msi
Resource
win10v20201028
Malware Config
Targets
-
-
Target
XMLFC-NI_51.msi
-
Size
267KB
-
MD5
b07045980a002d6acb923144b8dd4262
-
SHA1
bfb32732765f636f7a70063ae973b2308f816215
-
SHA256
2077054c688da0f0ce294813a47af02f1d7410781afd4bb0063f4b60f0a6be7f
-
SHA512
a1833b717c599b445bf52f96976452d731dbf1e3d51692958c48fe6524a64cbae30084b8f11c8e1245aff0825f85bcce6584bc50be6859ec2f57cc7abc79aaa4
Score
8/10
-
Blocklisted process makes network request
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-