General
-
Target
4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d
-
Size
1.5MB
-
Sample
210302-dwmsk6mqce
-
MD5
92a26931fd2b205bc81cdb67632d89c4
-
SHA1
3a345d48d694dc35b1075af7a186363fe709fc69
-
SHA256
4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d
-
SHA512
60cb54ca136d0f6e8654ccf1a50ff24db30ce4a76f6a8a07b6304fd7510d407816d6a50c5d29b638e6b97af68bb6dde3581775acc3c912d14fdd65116d2a0636
Static task
static1
Behavioral task
behavioral1
Sample
4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
4a70250c80a24898d1a36a498dedb40a072fe5356ada994c3813e866d48f9b9d.exe
Resource
win10v20201028
Malware Config
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-