General
Target: 2e45c3146bebd87ccef96e054374ea11.exe
Size: 645KB
Sample: 211103-kjelgadde7
MD5: 2e45c3146bebd87ccef96e054374ea11
SHA1: f2be6622242c311beb54f984c2fd85b865c2431c
SHA256: df6fa5b55c8196df0a53575cd26f5a7e53146899d41ab1a1a3acdb320f185d1f
SHA512: 4277153eaea844fdcd1ab7920d290f7a877a2a46e6d71b5b962f445395e7c0299e859409fb52e96920bc31ab6d7ed2be81e69021c0145585984dc57c76469b51
Static task: static1
Behavioral task: behavioral1
Sample: 2e45c3146bebd87ccef96e054374ea11.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 2e45c3146bebd87ccef96e054374ea11.exe
Resource: win10-en-20211014
Malware Config
Targets
Target
2e45c3146bebd87ccef96e054374ea11.exe
Score: 10/10
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Modifies WinLogon for persistence
Drops file in Drivers directory
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2