General
-
Target
20230702675dd81a3ca76b5ca.exe
-
Size
3.1MB
-
Sample
230703-x1na6abb5s
-
MD5
675dd81a3ca76b5ca53aa0e95f3f4c84
-
SHA1
8eb5b4d568f3f95305ae8c5b44e06bf542b351e4
-
SHA256
aad22f823c3f1ae16489dff21de0522b328f9e641445c09839c1a3ed59d17e51
-
SHA512
72418f85c47afbc582709843b1a2254c7d7d60f8105d2550705e9ff20722faa8763f5ebd5843aa50b61f0ae57ea03edca5d996292ac5819361706a2c1e20ba45
-
SSDEEP
12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCv:eEtl9mRda12sX7hKB8NIyXbacAfy
Malware Config
Targets
-
-
Target
20230702675dd81a3ca76b5ca.exe
-
Size
3.1MB
-
MD5
675dd81a3ca76b5ca53aa0e95f3f4c84
-
SHA1
8eb5b4d568f3f95305ae8c5b44e06bf542b351e4
-
SHA256
aad22f823c3f1ae16489dff21de0522b328f9e641445c09839c1a3ed59d17e51
-
SHA512
72418f85c47afbc582709843b1a2254c7d7d60f8105d2550705e9ff20722faa8763f5ebd5843aa50b61f0ae57ea03edca5d996292ac5819361706a2c1e20ba45
-
SSDEEP
12288:sp4pNfz3ymJnJ8QCFkxCaQTOlPes5Z76k/L/KB8NIpYJTCihq82WFpXKEVFA2MCv:eEtl9mRda12sX7hKB8NIyXbacAfy
Score10/10-
Modifies WinLogon for persistence
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-