General
-
Target
974757dbd6787fb2bb5e992adabfeb8ba1e1058584370560837954d06473f6ce
-
Size
319KB
-
Sample
221203-ayzj3saa97
-
MD5
28b4c065e835aa61a04b46c78187b114
-
SHA1
1502e32a541de879b95cd047f4a4a9bad64546af
-
SHA256
974757dbd6787fb2bb5e992adabfeb8ba1e1058584370560837954d06473f6ce
-
SHA512
d2aa6ff25543e478f9163df45d921d5260b428e81fa399854a876c42843b9f54ea1e53c61cee4b4abf0141f8641e45bed0b6789089740acb654ed8e305490fe4
-
SSDEEP
6144:o/0uot0xsv21DFMcciP1fe+B5CEE1CnqSZOZcuBNVRIH80:oJpWv4DFOq3nq5lRIH80
Malware Config
Targets
-
-
Target
974757dbd6787fb2bb5e992adabfeb8ba1e1058584370560837954d06473f6ce
-
Size
319KB
-
MD5
28b4c065e835aa61a04b46c78187b114
-
SHA1
1502e32a541de879b95cd047f4a4a9bad64546af
-
SHA256
974757dbd6787fb2bb5e992adabfeb8ba1e1058584370560837954d06473f6ce
-
SHA512
d2aa6ff25543e478f9163df45d921d5260b428e81fa399854a876c42843b9f54ea1e53c61cee4b4abf0141f8641e45bed0b6789089740acb654ed8e305490fe4
-
SSDEEP
6144:o/0uot0xsv21DFMcciP1fe+B5CEE1CnqSZOZcuBNVRIH80:oJpWv4DFOq3nq5lRIH80
Score10/10-
Modifies firewall policy service
-
UAC bypass
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-