General
Target: d69ccb73_by_Libranalysis
Size: 3.9MB
Sample: 210505-zdm61fyyfe
MD5: d69ccb7305f3c44c9671c24f8c1a2fff
SHA1: 9b01a127dc6d424dcd746bd63c23868c66b302bf
SHA256: 7ca09295652584ac4c0faa24f99df42823474f189e18a8449e6989d14d0cd8f4
SHA512: 54e8b26abf78a9cb06800c883ad51743a0acdc611221271848fd02a70e2f7c9d6deaa73456bf00591eae76aa1c0bb4b44cc6a90595ed4aa48620ced0b44dd608
Static task: static1
Behavioral task: behavioral1
Sample: d69ccb73_by_Libranalysis.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: d69ccb73_by_Libranalysis.exe
Resource: win10v20210410
Malware Config
Targets
Target: d69ccb73_by_Libranalysis
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Drops startup file
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
Drops file in System32 directory