General
-
Target
6180947397607424.zip
-
Size
112KB
-
Sample
210720-bhyw8vgm72
-
MD5
ae7a31e7de68396bce81ac674be9180b
-
SHA1
56940b7137f8d01897e35221e0798e7820185447
-
SHA256
1a2c13d0e014cdc2591606ba42657b114feacca068761033c44d53ca3947790c
-
SHA512
6da570cc4a0915cebec40e74768f18b521bf9a0e17e3267d10024fe39b4ce7c9fb40cf4868e556cb46b36308d38dad68ee161e14d11e4d7809547f80a4599c72
Static task
static1
Behavioral task
behavioral1
Sample
b3f1e0cd49aebc345b64fee6ecc1f77596e381fd61395dfcb767988400cebce0.exe
Resource
win7v20210410
Malware Config
Targets
-
Target
b3f1e0cd49aebc345b64fee6ecc1f77596e381fd61395dfcb767988400cebce0
-
Size
121KB
-
MD5
8ef6d1b777a8a7cf38d53dbfa6cf4406
-
SHA1
b63213fd42929c5f7aafe0b61f3e017ab3bbbdfc
-
SHA256
b3f1e0cd49aebc345b64fee6ecc1f77596e381fd61395dfcb767988400cebce0
-
SHA512
04d1e6fe2016a89dba0eb0ea65feadc2c35ca4f126b91efe01f90b7f37e9bfb941bc4a9a32aa37099705dca7c228167fcac6da96d6d2473cd44b9533f0493a62
-
Modifies firewall policy service
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.