General
-
Target
XMLFC-NI_91DJ5RXT45MRGZKFBZKILT.zip
-
Size
123KB
-
Sample
210304-hl1hv6sjf2
-
MD5
ed25aee4e84e423bb83ff948ab942abf
-
SHA1
5459addf59562e0c920c793fcc95e2792cf66eb9
-
SHA256
a8c35c7bd501ca58d64791fbb065d32c3265440a78995f3fdccf7da0f77aa7c4
-
SHA512
562f93fd3912969fe1b824f95f035e8f99c814c4c437871a018c56519e793affba3068c36176b6909c97e263d3407827a26faa67a45e023627a090065d6171ec
Behavioral task
behavioral1
Sample
XMLFC-NI_91.msi
Resource
win7v20201028
Behavioral task
behavioral2
Sample
XMLFC-NI_91.msi
Resource
win10v20201028
Malware Config
Targets
-
-
Target
XMLFC-NI_91.msi
-
Size
268KB
-
MD5
ea216c4397537df9d792c82c852796fa
-
SHA1
c9706304fa18ff3640f4f4db414f026b4de4cbee
-
SHA256
eb1cc652821c6f0665e79abe6dffee13461ffd001a331ffc6752460b7e2d073d
-
SHA512
32c00bf837c78c4e4c6e14fd57ee658100547231255aa08cafd4ff9e65455c79e6c405e3b2574da2f422253a32f5a185d41edaad1d0e33c08744514e84cf7e1a
Score
8/10
-
Blocklisted process makes network request
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-