General
-
Target
XMLFC-NI_72XBTSBDG2BE3HB54CEAKH.zip
-
Size
126KB
-
Sample
210301-b1mv34bkze
-
MD5
48e265d2916bd4dd45fd7266177c3f5f
-
SHA1
dd55842827b0947291141afa9b620735fe127b9c
-
SHA256
874bec7c03db639f6ef8f1735b0a60d05b59fa95be331129c8dc6b9d8a749439
-
SHA512
987084352403c89a0750fee711cd1939fe175a56639df1627e1846130e54de4a47ebab94423fb2f59bf7a7de13fffbb17a203ac4fa43ca3f22ddd86a2b99c410
Behavioral task
behavioral1
Sample
XMLFC-NI_72.msi
Resource
win7v20201028
Behavioral task
behavioral2
Sample
XMLFC-NI_72.msi
Resource
win10v20201028
Malware Config
Targets
-
Target
XMLFC-NI_72.msi
-
Size
268KB
-
MD5
8d3033ccbfc42780fb8525a45012f86f
-
SHA1
1cb6664317ff99fc99695ff1f00e462d8ded854b
-
SHA256
3aaab40ee13b2a7ca08dce541cc739bd0dbe6d32ad2a99bc6dbc99b94c0cb000
-
SHA512
f6a9f0cef9f42d578016b021e30256c6abf168b5d9b4e9c39fd39e527d3b59de7c7ef2bb06c06812e2067dad5d82f6326d6e9b354e34a9539b2289799cd7d4e2
Score
8/10
-
Blocklisted process makes network request
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-