General
-
Target
e9e06cbc336ea91a1773ca7be7f49949957307eb6288b8b756f44c7f951ae1dd
-
Size
1.1MB
-
Sample
210302-yylj5b951e
-
MD5
e36bb2d901939cc27d925c96fd54dc07
-
SHA1
508b755c03365c58ce3ab94f7bfdb1224b6810ae
-
SHA256
e9e06cbc336ea91a1773ca7be7f49949957307eb6288b8b756f44c7f951ae1dd
-
SHA512
d19aa68b6ccc09d48b0b8b7619352047998021522a3eb1d2d9b2260bdf80e8a9d04e218fb53241ec8c9a9a8ff82a5eb2b7c8357c7b8abc644d0514e146ed17d6
Static task
static1
Behavioral task
behavioral1
Sample
e9e06cbc336ea91a1773ca7be7f49949957307eb6288b8b756f44c7f951ae1dd.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
e9e06cbc336ea91a1773ca7be7f49949957307eb6288b8b756f44c7f951ae1dd.exe
Resource
win10v20201028
Malware Config
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-