General
-
Target
f641d4e36be88ba77ab876cf53c8b65602d43fa93560f128a8ccf48cf3297dd7
-
Size
440KB
-
Sample
221002-fqj3baahhn
-
MD5
7072bf381660ae357c61793d5c479700
-
SHA1
51b273858735fe2b23c2e56456f72bf9039f5e1a
-
SHA256
f641d4e36be88ba77ab876cf53c8b65602d43fa93560f128a8ccf48cf3297dd7
-
SHA512
db441cf5ac412a8df6eb51edf33c58ba59398312cfd07810c446dd11150f578e0522c25ec6a8fb13373692314954b67d6d9533d39f1cf312de151fc614df8e6d
-
SSDEEP
6144:k82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBilu:Cp4pNfz3ymJnJ8QCFkxCaQTOl2u
Malware Config
Targets
-
-
Target
f641d4e36be88ba77ab876cf53c8b65602d43fa93560f128a8ccf48cf3297dd7
-
Size
440KB
-
MD5
7072bf381660ae357c61793d5c479700
-
SHA1
51b273858735fe2b23c2e56456f72bf9039f5e1a
-
SHA256
f641d4e36be88ba77ab876cf53c8b65602d43fa93560f128a8ccf48cf3297dd7
-
SHA512
db441cf5ac412a8df6eb51edf33c58ba59398312cfd07810c446dd11150f578e0522c25ec6a8fb13373692314954b67d6d9533d39f1cf312de151fc614df8e6d
-
SSDEEP
6144:k82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBilu:Cp4pNfz3ymJnJ8QCFkxCaQTOl2u
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-