General
-
Target
0ab40251273af3a0e2c76935d1176ca71e898c5a935d9aed1a8f4b21a0e0d8c9
-
Size
535KB
-
Sample
221003-eacgvsgaer
-
MD5
6acd1647078d560a5ec3d53f85b5c709
-
SHA1
5d55d16df9e337800c7410a819ee7b56f7b4b31e
-
SHA256
0ab40251273af3a0e2c76935d1176ca71e898c5a935d9aed1a8f4b21a0e0d8c9
-
SHA512
08dc141a957f1e5bcd1c92f51093abd1b8dfcfccfccc2f5572a0304282ad93f05ce47900a799b1e8b1705f22e74ad84a6203db89a637333f347974df64fe47a9
-
SSDEEP
12288:vSo6xg5kN530xuooqMVwsgTo6xg5kN530xuooqT:b6u5030x+gE6u5030xD
Static task
static1
Behavioral task
behavioral1
Sample
0ab40251273af3a0e2c76935d1176ca71e898c5a935d9aed1a8f4b21a0e0d8c9.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
0ab40251273af3a0e2c76935d1176ca71e898c5a935d9aed1a8f4b21a0e0d8c9.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Target
0ab40251273af3a0e2c76935d1176ca71e898c5a935d9aed1a8f4b21a0e0d8c9
Score
8/10
-
Adds policy Run key to start application
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-