General
- Target: CompiledNTVDM.zip
- Size: 2.7MB
- Sample: 221203-1hp9ksga67
- MD5: 4b82b608988728d1e777f9582eb60fef
- SHA1: 584e6a3057e63697d9db487d956a59e2946ad5e0
- SHA256: aa38afd9f6522ca8342f30b1dc8dbcaa5e3d35f0a5fbf92597a9448f11929eb1
- SHA512: bdfab637c0f6781e640041be48e3854258da18abef480dfd41e4b7f5634c62caa08953548db41a85aac4d0c35cca8c8a1cc4d355ef8be2024368e4d3452b1e57
- SSDEEP: 49152:AbySyWzYrqhUrF55qmruwVtEOd3ltpbVTyq5I79+5EUuMzb:AbygMJ5ImruyV3tpJTD50dUfzb

Static task: static1
Behavioral task: behavioral1
- Sample: CompiledNTVDM.zip
- Resource: win10v2004-20221111-en
Malware Config
Extracted: cobaltstrike
- C2: http://A[non-printable bytes]:3850982656[non-printable bytes] (the extracted value is mostly non-printable bytes and the port field exceeds 65535, so this config extraction should be treated as unreliable for this sample)
- user_agent: [non-printable bytes] (extracted value unparseable)
Targets
- Target: CompiledNTVDM.zip (same size and hashes as listed under General)
- Score: 10/10
- Modifies AppInit DLL entries
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory