General
Target: ff2db2dd98e7fbd41569215cbd13be829bdcb0fe4d0d2e1793af0b3e6e9d62da
Size: 183KB
Sample: 221129-jztjwsba66
MD5: c94866b69a5966b2419fa77efa7dc255
SHA1: c2d2f05346cf732a47b980ebcd9ae78462c9f7d5
SHA256: ff2db2dd98e7fbd41569215cbd13be829bdcb0fe4d0d2e1793af0b3e6e9d62da
SHA512: be087b16e5c28b80dae7b587c8aaad6f261a02e589b08a1d010c4ddc834afb89f30b00c891fb9a02f70c389f38e662d4a2a5f968497b44af5cab74294687c395
SSDEEP: 3072:rimsXXK9HRTOeriRfP6pXfSb0dspqc5oY0htVFAHT11Ual21Cxcs0HKAH057kyJW:riMmXRH6pXfSb0ceR/VFAHh1kgcs0HWI
Behavioral task: behavioral1
Sample: ff2db2dd98e7fbd41569215cbd13be829bdcb0fe4d0d2e1793af0b3e6e9d62da.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: ff2db2dd98e7fbd41569215cbd13be829bdcb0fe4d0d2e1793af0b3e6e9d62da.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: ff2db2dd98e7fbd41569215cbd13be829bdcb0fe4d0d2e1793af0b3e6e9d62da
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory