General
-
Target
XMLFC-NI_27JC40WUFJKQ0GT2PNDVJC.zip
-
Size
123KB
-
Sample
210306-ds8mxhm4h2
-
MD5
e16a3cb9a130a41d067588400eb0a12f
-
SHA1
a138888d84ed0e5d1fd0441966bb98e1a6a82411
-
SHA256
d0521fb7367c52451968c8a536aac19ea449cbcd144022831cfc63bff5bc0f8e
-
SHA512
3f783c25594f7d11dbfa6fc5026bafe9da08a2f2b6460b759d0a1d66a531055093fe2c95055cf990df63ed3768f0ce2a7cfb44a265ce454be5f0988d98234bbf
Behavioral task
behavioral1
Sample
XMLFC-NI_27.msi
Resource
win7v20201028
Behavioral task
behavioral2
Sample
XMLFC-NI_27.msi
Resource
win10v20201028
Malware Config
Targets
-
-
Target
XMLFC-NI_27.msi
-
Size
267KB
-
MD5
3ba27f796d18104606b2f58744fb017c
-
SHA1
cc253e24ab868e61419a78fc161a5546ce878bd6
-
SHA256
e2eaa5496cb25b7d2866507d4fc494173588897b4d589b8322fc9635bac71e02
-
SHA512
30fa4108697a1f80a3164318d953e585dee98965477e7dcbaf45d1e2194f648c0e4398ee55d3540b09897dfdbd934abed9c48141adddb41d1765109d7806320f
Score
8/10
-
Blocklisted process makes network request
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-