General
-
Target
kl.edata
-
Size
1.1MB
-
Sample
210419-cjcp4hpfxa
-
MD5
36fffcd5ceae94df443a16d622dfd786
-
SHA1
8989ed41babcd0711fade3efc9116395ca2a1571
-
SHA256
ac8fa5bbc7c699494461478225e87f35f3dfdad62fcc998e08a1f506e1e94631
-
SHA512
c6825cc9dbbcedf9d0b013d84d214783f5bc7e5984d8dd5266b22e5a2372eefa93fcf300c4c89ded002678d696c34a6f2e95034cb0cfdd316dacef3663accba8
Static task
static1
Behavioral task
behavioral1
Sample
kl.edata.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
kl.edata.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
kl.edata
-
Size
1.1MB
-
MD5
36fffcd5ceae94df443a16d622dfd786
-
SHA1
8989ed41babcd0711fade3efc9116395ca2a1571
-
SHA256
ac8fa5bbc7c699494461478225e87f35f3dfdad62fcc998e08a1f506e1e94631
-
SHA512
c6825cc9dbbcedf9d0b013d84d214783f5bc7e5984d8dd5266b22e5a2372eefa93fcf300c4c89ded002678d696c34a6f2e95034cb0cfdd316dacef3663accba8
Score10/10-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-