General

- Target: 5457201880793088.zip
- Size: 1.7MB
- Sample: 211019-ydcrkshcbn
- MD5: 187bdea56c9b016efe61a02cc4713ab6
- SHA1: 3ee76104bce2b030b18dc07fc5d7b6bf8f8e5ccb
- SHA256: eae4d750de26b0bf5b3435812d64597bce6d855a66146335649a40c374a76391
- SHA512: e4767d2f66883975f5cb90d152c09bf5e9a8727ff3409a48d2bd4f7865d152b37a87a929c0cc27e90a8396332a1e57e6c41df98ceab1c6cfe2e215bfbd648dc5
Static task: static1

Behavioral task: behavioral1
- Sample: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa.exe
- Resource: win7-en-20210920

Behavioral task: behavioral2
- Sample: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa.exe
- Resource: win10-en-20210920
Malware Config

Targets

- Target: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa
- Size: 1.7MB
- MD5: df11b3105df8d7c70e7b501e210e3cc3
- SHA1: 01ba101c4355b18ec11652a9ab6f8994279ba769
- SHA256: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa
- SHA512: 7afa3a272520b9fdb2d2fcbeb43e4c53d906ab0db7732ca5bdab64d909d1ca7781d8d08bb1ec6c474b0dddc3f91d04af34368edab0ba8a3b0a48fd2bae82b9fa
Score: 10/10

- Modifies WinLogon for persistence
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2