General
Target: 2bfda6b2030993c758dec19cd3b266c7b8d8fe53616abab05bf72fccfd638d80
Size: 1.6MB
Sample: 210302-zmnstfxdea
MD5: 12f8e69c3c39d9991281b81577a2209b
SHA1: 59cd2125afbe1db777fe19030b015413c3820278
SHA256: 2bfda6b2030993c758dec19cd3b266c7b8d8fe53616abab05bf72fccfd638d80
SHA512: 47f2be03dc05c265df7a61f20571f0becb2a5639629427702953234b0126a59ba491802f1c37c6f99d8341cb88668c2579c188119a62548ee416dc009edd414e
Static task: static1
Behavioral task: behavioral1
Sample: 2bfda6b2030993c758dec19cd3b266c7b8d8fe53616abab05bf72fccfd638d80.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 2bfda6b2030993c758dec19cd3b266c7b8d8fe53616abab05bf72fccfd638d80.exe
Resource: win10v20201028
Malware Config
Targets
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Drops startup file
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
Drops file in System32 directory