General
-
Target
6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba
-
Size
1.8MB
-
Sample
210228-qqf4ryfn92
-
MD5
b86065921a847a96538b72b2f973132f
-
SHA1
6e52c495184a556ab95320508b5c72b3e0e9f9ff
-
SHA256
6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba
-
SHA512
32f010e3a7b26a60296f5c05302e81632d2b3d5c2cdc204ce12341151509a092b1993b47b24b058897e4cea4b095fc00ad7a173f3656da8cbe652483c6c1080e
Static task
static1
Behavioral task
behavioral1
Sample
6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-