General

  • Target

    Radmin_VPN_1.2.4457.1.exe

  • Size

    20.5MB

  • Sample

    221229-vjelksgg71

  • MD5

    568fe7961dd284b20e6ad8bf73e6336b

  • SHA1

    f8b6e11b9d0e7cb844fdc22127c9b7f5b2ec413c

  • SHA256

    076dce30a2f12d3b790bf6f1d7ed96f2708931647f280b8fb8fa815b6bc995ca

  • SHA512

    644540bd26417fe6454dd15b67747988995a0727a0714f728e37851f2e14758053970c563ce5203fcfd409d59fa61b563dc6aa22a97ac30e808d3b7429e36e20

  • SSDEEP

    393216:1UTvuBUY5Nkmqk7Tl9K9dPBDpUO5jXIdHj4duB4rcXfzwITWC0rvH2AeobL5ie:mTvuznkAvlKdJDprVXIxsduB4rcXfsIc
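
To confirm that a local copy is the same object this report describes, the following script (an added example, not part of the Triage report or of Radmin VPN) computes MD5, SHA1, SHA256 and SHA512 in a single pass over the file and compares them with the values listed above. The hash values are copied from the General section; the file path is an assumption supplied on the command line. SSDEEP is not computed because the Python standard library has no ssdeep implementation, so fuzzy-hash comparison still needs the ssdeep tool.

```python
"""Verify a local file against the hashes published in the report above.

Added example, not from the report. The REPORT dict is copied from the
General section; the file path is whatever the caller supplies.
"""
import hashlib
import sys
from typing import Dict, Iterable, Set, Tuple

# IOC values copied verbatim from the report's General section.
REPORT: Dict[str, str] = {
    "md5": "568fe7961dd284b20e6ad8bf73e6336b",
    "sha1": "f8b6e11b9d0e7cb844fdc22127c9b7f5b2ec413c",
    "sha256": "076dce30a2f12d3b790bf6f1d7ed96f2708931647f280b8fb8fa815b6bc995ca",
    "sha512": (
        "644540bd26417fe6454dd15b67747988995a0727a0714f728e37851f2e147580"
        "53970c563ce5203fcfd409d59fa61b563dc6aa22a97ac30e808d3b7429e36e20"
    ),
}


def digests(chunks: Iterable[bytes], names: Iterable[str] = tuple(REPORT)) -> Dict[str, str]:
    """Compute every requested digest in one pass over the data.

    Reading the file once and feeding each chunk to all hashers avoids
    re-reading a 20 MB installer four times.
    """
    hashers = {name: hashlib.new(name) for name in names}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_chunks(path: str, size: int = 1 << 20) -> Iterable[bytes]:
    """Yield a file in fixed-size chunks so large samples are not loaded whole."""
    with open(path, "rb") as f:
        while True:
            buf = f.read(size)
            if not buf:
                return
            yield buf


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Tuple[Set[str], Set[str]]:
    """Return (matched, mismatched) algorithm names, comparing hex case-insensitively."""
    matched = {
        name for name, value in expected.items()
        if actual.get(name, "").lower() == value.lower()
    }
    return matched, set(expected) - matched


def verdict(actual: Dict[str, str], expected: Dict[str, str] = REPORT) -> str:
    """'match' if every published digest agrees, 'no-match' if none does.

    'partial' (for example MD5 agrees but SHA256 does not) is itself a
    finding: a different file that shares the weaker digest, or a copy
    error in the IOC list, and should be investigated rather than ignored.
    """
    matched, mismatched = compare(actual, expected)
    if not mismatched:
        return "match"
    if matched:
        return "partial"
    return "no-match"


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <path-to-sample>")
        return 2
    actual = digests(file_chunks(argv[1]))
    matched, mismatched = compare(actual, REPORT)
    for name in sorted(REPORT):
        status = "OK" if name in matched else "MISMATCH"
        print(f"{name:7s} {actual[name]}  {status}")
    result = verdict(actual)
    print(f"verdict: {result}")
    return 0 if result == "match" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_sample.py Radmin_VPN_1.2.4457.1.exe`; a non-zero exit code means at least one published digest does not match the local file.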

Score
8/10

Targets

    • Target

      Radmin_VPN_1.2.4457.1.exe

    • Size

      20.5MB

    • Hashes

      MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above.

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    The entries above are heuristic behaviour signatures, not a verdict. Dropping a file in the Drivers directory, modifying the Windows Firewall and adding a Run key are exactly what a VPN installer is expected to do, so the 8/10 score on its own does not establish that the sample is malicious. The file name matches the Radmin VPN installer from Famatech, but the report does not check the installer's Authenticode signature; compare the SHA256 above with a copy obtained from the vendor and verify the publisher signature before treating the sample as the genuine installer.
