General
-
Target
56ad1418f470bc5e6667574e054649d85cbb1242818baf62a294bdfca90df717
-
Size
704KB
-
Sample
210513-vf3sjzfnnx
-
MD5
e7f9d6dd424f33059dda93a35ab3f69c
-
SHA1
617c2988a2149f71c185d0e5f2f0a3a2f31225ec
-
SHA256
56ad1418f470bc5e6667574e054649d85cbb1242818baf62a294bdfca90df717
-
SHA512
cd24b7603efa82f0cda296bddb96e6361c73de071545ab59e51ce779ceda87e85dce8b97edd12be06a8ec0b743629673360150e67f3ccec618bd14b22e5826fd
Malware Config
Targets
-
-
Target
56ad1418f470bc5e6667574e054649d85cbb1242818baf62a294bdfca90df717
-
Size
704KB
-
MD5
e7f9d6dd424f33059dda93a35ab3f69c
-
SHA1
617c2988a2149f71c185d0e5f2f0a3a2f31225ec
-
SHA256
56ad1418f470bc5e6667574e054649d85cbb1242818baf62a294bdfca90df717
-
SHA512
cd24b7603efa82f0cda296bddb96e6361c73de071545ab59e51ce779ceda87e85dce8b97edd12be06a8ec0b743629673360150e67f3ccec618bd14b22e5826fd
Score10/10-
Modifies WinLogon for persistence
-
UAC bypass
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-