General
Target: 60ee8fe843ad606c553b1235.zip
Size: 11.0MB
Sample: 210714-z5by1p7p1a
MD5: fe494f077841c9775bc18b62389839ca
SHA1: ce292cdfec1b1c558b8504f1785a29aefbfae2da
SHA256: 97274d3483a75cc397119f8004c7d46bab06533c785ccd631fa1a6bf4c57149f
SHA512: 72b754e436d8c234ab38f6b74bc1414b92faf3e6028ecd94e7a711ce67aea5fb78c5745dcc1ce1c3052ada3029b6c4f1655abf0878c624584f8fbaa4658c926d
Static task: static1
Behavioral task: behavioral1
Sample: START_ME.exe
Resource: win10v20210408
Malware Config
Targets
Target: START_ME.exe
Size: 862KB
MD5: e00439037cb00b9ecd737e57e04ab66d
SHA1: ca4e359d3bb2bea4ef07d5f41f51b91a9c8ec6aa
SHA256: cf05c88c3f3787c4b39cf7f0b0c55964cfa297c43b1bdaae7f64246de32cdf33
SHA512: 1c2de9daf70b51be60616cf171efb44d29f9abf05eae12883b615b551bb452ef94eeffc4e430de768ec718f7804e3bbf95832c7d1390720394713701c5eb2ddf
Score: 10/10
Modifies WinLogon for persistence
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger