General
Target: 4507652955734016.zip
Size: 1005KB
Sample: 211119-ve1y1sbadj
MD5: d63b51bf04777e000ab4a24f8852da19
SHA1: be78c944e46f130896dee85f39f55afaaa29fb93
SHA256: d616d1c1f19a14499a9106e7fb45616a497b77662b9c59c8fd7d4bda407fb96e
SHA512: e7144b4a9f7901965bd9b1bed1032f50591ef4580a4b60cb92be8a2fd320774cb75a4fc81d29a4f9131150fb1423117ceca3c772d0e66a405facbc9ab44fa684
Static task: static1
Behavioral task: behavioral1
Sample: 8cef523542375b59ba8b5383ac0dff14266d0b27e73a46c9ed930942c353427e.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 8cef523542375b59ba8b5383ac0dff14266d0b27e73a46c9ed930942c353427e.exe
Resource: win10-en-20211014
Malware Config
Targets
Target: 8cef523542375b59ba8b5383ac0dff14266d0b27e73a46c9ed930942c353427e
Size: 1.7MB
MD5: 8ab1255477e4c5b117f6ba88f1cd301d
SHA1: be11ff9b20e1ba986e6a690a2426ae11214b8a24
SHA256: 8cef523542375b59ba8b5383ac0dff14266d0b27e73a46c9ed930942c353427e
SHA512: bca9efe08f75f2ce17eac57e5aae50ed7b747b03cf7957cad2500c308b2eaf48f55c661f7fb4ecb2c34bbd796ebd71deb19f841b57fb16aecc72ef58c00f4a80
Score: 10/10
Modifies WinLogon for persistence
ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
Drops file in Drivers directory
Sets service image path in registry
Loads dropped DLL
Adds Run key to start application
Modifies WinLogon
Drops file in System32 directory