General
Target: 4.mxt-helper.exe
Size: 13.6MB
Sample: 240211-k5n22age95
MD5: 45263348c9c32120449ae682a5c97152
SHA1: c380368875234bae63107b6e06921a9a9e13cec0
SHA256: fda0375fa6de1d0e20f4c6cd8d33abfa8efe70722e34d1f0be54e42bb5be2859
SHA512: 7b1d69e3e7f127e3512951c5532c9f60453b767362820ff3fa2fc2248407876ffa663bcbbfb40efc39b6c2c97e7d57cea4356a630f7fb887f4623a0b852f2e71
SSDEEP: 393216:EJv1A0jHLMwm28loKQVOG5W0oYhswg8e3w0ll5wXJ:EfA0rp9DKaRsw/egQw5
Static task: static1
Behavioral task: behavioral1
Sample: 4.mxt-helper.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 4.mxt-helper.exe
Score: 10/10
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
- Clears Windows event logs
- Nirsoft
- Stops running service(s)
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory