Resubmissions

06/03/2023, 17:58

230306-wkmt1sed86 10

27/02/2023, 05:14

230227-fw4znsbg5s 7

General

  • Target

    Radmin_VPN_1.3.4568.3.exe

  • Size

    20.7MB

  • Sample

    230306-wkmt1sed86

  • MD5

    0df6a3da3b4eb4def6eb111b2dd01a20

  • SHA1

    41d9bebe4d89458709ce7d0407f0a551110f3cb0

  • SHA256

    1f4d6ca8cc9230c4b3c87ec4babbdc3749c471b3065d850058abb2258cd8c79f

  • SHA512

    56ae89fe2961c6b01537d8b533c0a809b49aabcb706674f403e91805e9e56ee38fc884c9803a2ef6e81182cc3f9d3b96a060783be977c856437c61b3e54c5027

  • SSDEEP

    393216:AUvTNvoKCdx9RKikmmDzVRqdQNWWEfOgDFKlyzPRW2+gJY8XlVW/vRONlAuw3i1:BZvDYRKiHmDZYQNJRdlyzPIofXl8/UNt

Score
10/10

Malware Config

Targets

    • Modifies security service

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks