General
-
Target
9e94d4537b6747cd893e241154d4222699342b2206f62543be4b243f2b0eb509
-
Size
2.6MB
-
Sample
221127-2qecqaaa6t
-
MD5
ff6984ff9f44a65cc6cf68509de3a611
-
SHA1
b93d353e0668522fce8e23da730c55d79e7ee1fa
-
SHA256
9e94d4537b6747cd893e241154d4222699342b2206f62543be4b243f2b0eb509
-
SHA512
e5060aef3d73164e5f5f6d8207e7f779f9b319ddc6e13750b7fa8d6db3781292c9c3dbef79d5bd9e1f5f933369ade7f6bd136c1131059f1509a8bafe9e18cf8a
-
SSDEEP
49152:N6NKbc8G1oISKSOp78S8E6XFq87YrmwGzX4aa1QordiAXrEomKlD:zTG3j7x61OiwOoa0oYD
Malware Config
Targets
-
-
Target
9e94d4537b6747cd893e241154d4222699342b2206f62543be4b243f2b0eb509
-
Size
2.6MB
-
MD5
ff6984ff9f44a65cc6cf68509de3a611
-
SHA1
b93d353e0668522fce8e23da730c55d79e7ee1fa
-
SHA256
9e94d4537b6747cd893e241154d4222699342b2206f62543be4b243f2b0eb509
-
SHA512
e5060aef3d73164e5f5f6d8207e7f779f9b319ddc6e13750b7fa8d6db3781292c9c3dbef79d5bd9e1f5f933369ade7f6bd136c1131059f1509a8bafe9e18cf8a
-
SSDEEP
49152:N6NKbc8G1oISKSOp78S8E6XFq87YrmwGzX4aa1QordiAXrEomKlD:zTG3j7x61OiwOoa0oYD
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Possible privilege escalation attempt
-
Sets service image path in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-