General
Target: 2180513e9a805c5afc47545b90f742c1d7d44f0a594eb2bb0013ab4836a52364
Size: 169KB
Sample: 210517-z5aad6p8d2
MD5: 2159bb068b54cf9d97d0704083263a56
SHA1: b7d8a5beba1121853e8354218d47c65a33dc4950
SHA256: 2180513e9a805c5afc47545b90f742c1d7d44f0a594eb2bb0013ab4836a52364
SHA512: 2d90858ca6a38d087448a56d3aee18d2b82d7ee629f3391e9c1b132830840166952e0cf70a699bb3f309d7ddde70ceaf9242591aafda104ae0a8297a28fb3b93
Static task: static1
Behavioral task: behavioral1
Sample: 2180513e9a805c5afc47545b90f742c1d7d44f0a594eb2bb0013ab4836a52364.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 2180513e9a805c5afc47545b90f742c1d7d44f0a594eb2bb0013ab4836a52364.exe
Resource: win10v20210410
Malware Config
Targets
Target: 2180513e9a805c5afc47545b90f742c1d7d44f0a594eb2bb0013ab4836a52364
Score: 10/10
Modifies WinLogon for persistence
Modifies system executable filetype association
ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
Drops file in Drivers directory
Sets service image path in registry
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Modifies WinLogon
Drops file in System32 directory