General
-
Target
f3ac9b8dee459898ff653a9ee6f5056b716ae7e4d880d1e4d3aa2f09dccad691
-
Size
923KB
-
Sample
221124-btxqcsdb5z
-
MD5
3c105635371528e1027593857051e4d6
-
SHA1
d14d696e1989294cd89937b377780a30f9b1eb76
-
SHA256
f3ac9b8dee459898ff653a9ee6f5056b716ae7e4d880d1e4d3aa2f09dccad691
-
SHA512
28c76cdb0d2b12d62cee0941b0aa080e27f7628a8f9c0d0b077c4a62effe46f4e35d6888f2fd221042ebee3e13447f65da9fd0cea0fa049cc9087bdb557c2a5b
-
SSDEEP
6144:mpqoa8aLKC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnCP:mpqKC/2OGAtkCP4cejGSOpRK3CnIiv
Malware Config
Targets
-
-
Target
f3ac9b8dee459898ff653a9ee6f5056b716ae7e4d880d1e4d3aa2f09dccad691
-
Size
923KB
-
MD5
3c105635371528e1027593857051e4d6
-
SHA1
d14d696e1989294cd89937b377780a30f9b1eb76
-
SHA256
f3ac9b8dee459898ff653a9ee6f5056b716ae7e4d880d1e4d3aa2f09dccad691
-
SHA512
28c76cdb0d2b12d62cee0941b0aa080e27f7628a8f9c0d0b077c4a62effe46f4e35d6888f2fd221042ebee3e13447f65da9fd0cea0fa049cc9087bdb557c2a5b
-
SSDEEP
6144:mpqoa8aLKC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnCP:mpqKC/2OGAtkCP4cejGSOpRK3CnIiv
Score10/10-
Modifies WinLogon for persistence
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-