General
-
Target
051766ef88a72e0bac7018b870b742f09a4b3513c6cc1eac27af4df47481451e
-
Size
1.1MB
-
Sample
220527-xnxdashah4
-
MD5
3d82068fdffa77e75bcb85245cb6e91a
-
SHA1
9099ac68f913f8ee5e5b977c4998b028f9d1c73a
-
SHA256
051766ef88a72e0bac7018b870b742f09a4b3513c6cc1eac27af4df47481451e
-
SHA512
71185e54a8a24f047c1e0b85d4e204335935901229737b1ca16abbe66a34fb83fe7a29b5ba520f8249e34437ddd10eb955222ed9e5dfcc407cef03350536cf17
Malware Config
Targets
-
-
Target
051766ef88a72e0bac7018b870b742f09a4b3513c6cc1eac27af4df47481451e
-
Size
1.1MB
-
MD5
3d82068fdffa77e75bcb85245cb6e91a
-
SHA1
9099ac68f913f8ee5e5b977c4998b028f9d1c73a
-
SHA256
051766ef88a72e0bac7018b870b742f09a4b3513c6cc1eac27af4df47481451e
-
SHA512
71185e54a8a24f047c1e0b85d4e204335935901229737b1ca16abbe66a34fb83fe7a29b5ba520f8249e34437ddd10eb955222ed9e5dfcc407cef03350536cf17
Score10/10-
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-