General
-
Target
a8af86c0506ed9d309befeb3aa365eff2d965868669e6bbd684bfb0c3973bfec
-
Size
239KB
-
Sample
210518-kssz9mkv9x
-
MD5
24c4427017d501e960776484000a0309
-
SHA1
0b8dff40ea5f845ac72a9ab41f3a4d359a9fc55d
-
SHA256
a8af86c0506ed9d309befeb3aa365eff2d965868669e6bbd684bfb0c3973bfec
-
SHA512
b4b5ed7f42e7a379887292cffbbff7cbc3ba45c33044899cbe5e734fcaf69e12c33327b234d08b1bc368c91e7cd88bb9383d246364ecc9f2c6d604efc0f8b262
Static task
static1
Behavioral task
behavioral1
Sample
a8af86c0506ed9d309befeb3aa365eff2d965868669e6bbd684bfb0c3973bfec.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
a8af86c0506ed9d309befeb3aa365eff2d965868669e6bbd684bfb0c3973bfec.exe
Resource
win10v20210410
Malware Config
Targets
Target
a8af86c0506ed9d309befeb3aa365eff2d965868669e6bbd684bfb0c3973bfec
-
Score
10/10
-
Modifies WinLogon for persistence
-
Modifies system executable filetype association
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Drops file in System32 directory
-