General
-
Target
XMLFC-NI_58Z1Z1T5UCKLSBW4SXSBE2.zip
-
Size
123KB
-
Sample
210228-f6yyyrn7s2
-
MD5
f0058ea9b17564b4fbe604174416d465
-
SHA1
0df24c5fed393c6f5db082c7ef69793ab8ac409b
-
SHA256
d1a8958c685e98edaf6ee590cd9731fbde1a93e4f73269a3fe3c3e1c4f323d9c
-
SHA512
e0a780e4b2f890e812a2d3f2151b4582daf300812b5dec0e07426bd027221787e58453e0e970a5291bb4e53edbeac5f7ec2c8ec0468fb1016a5202d0eb02d331
Behavioral task
behavioral1
Sample
XMLFC-NI_58.msi
Resource
win7v20201028
Behavioral task
behavioral2
Sample
XMLFC-NI_58.msi
Resource
win10v20201028
Malware Config
Targets
-
-
Target
XMLFC-NI_58.msi
-
Size
267KB
-
MD5
84c18365351687a195a7c18a35174438
-
SHA1
bb1b29045ec1129d5b14c96c52be0e4210de32c1
-
SHA256
1b021df0f5252c0c54ec09eee3d47affa6a93b2b07e5002b061ced737d0db91f
-
SHA512
8a09b41741a33af36766335d3881fc88ecfb5637de7c91e90c7de903c13c9ea4d35d7b7ad5b9eb6644803ca7c5d8146def3257bd10e35e1d2ba4186e81aebc20
Score
8/10
-
Blocklisted process makes network request
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-