General
Target: 4bcb3b113699b2176112a6a57f720ea95e4a9aa660f7c82871ac324c2f9b433f
Size: 3.4MB
Sample: 210302-bh2cg9431e
MD5: ad69ef0cdf6d7c1eff3fe466028c213c
SHA1: 199e578db6e2042126eceea8c4129baa6b887a51
SHA256: 4bcb3b113699b2176112a6a57f720ea95e4a9aa660f7c82871ac324c2f9b433f
SHA512: c3f7d8f884b2a33950aee60574d9584f768abc6ea523c1a530a101b6f9017b1cd3eb0f2fcd23296117eb899480e32d3b86c735dd35761bb3822d4fc1043db5eb
Static task: static1
Behavioral task: behavioral1
  Sample: 4bcb3b113699b2176112a6a57f720ea95e4a9aa660f7c82871ac324c2f9b433f.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 4bcb3b113699b2176112a6a57f720ea95e4a9aa660f7c82871ac324c2f9b433f.exe
  Resource: win10v20201028
Malware Config
Targets
Score 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Drops startup file
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
Drops file in System32 directory