General
-
Target
f2423b5b4e9602c5ae496d69e093cfece7b50e2ad71b752ca1c58424f7db1ca7
-
Size
924KB
-
Sample
220521-mmpxqacad9
-
MD5
1d06a749085f95ef5a35c187e2c7025f
-
SHA1
af0721940235027109cfbaddfdda574b5c759a0f
-
SHA256
f2423b5b4e9602c5ae496d69e093cfece7b50e2ad71b752ca1c58424f7db1ca7
-
SHA512
80d4780471f8e57935e998109a563530ceb4bb99baf4efd1183c46366815ee3631be0069dc311ed7881f563b2992441be86e666b505414d9033ae0972dccaf9c
Malware Config
Targets
-
-
Target
AIDS_NT.exe
-
Size
924KB
-
MD5
14eefb80a0813abbf8710387a5383f08
-
SHA1
d3fa355cc1d184be20b441143fa34e4ae1a4bdb2
-
SHA256
61ee3bd82bed03dd0f3fb9bc9b76b7da972a90d3c12c8e4d5e967440a2f04c00
-
SHA512
a3174a80c47a02b6deed6eb390a999fa486f7a4cda7ab614d93589f614a60ba500aa8f42346e80cc53b7e1a5af0f0e515e4b014d23e5af90fabeae504f43f130
Score10/10-
Modifies WinLogon for persistence
-
Modifies system executable filetype association
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Sets desktop wallpaper using registry
-