Extracted

• • Target

    b79a64e2439ca9ebeb8fa3cd36f62c21

  • Size

    121KB

  • MD5

    b79a64e2439ca9ebeb8fa3cd36f62c21

  • SHA1

    a1ff54a4f905c3293557f75779ee242d45fe58af

  • SHA256

    e3e84fc750d1723ef43cbb825befb65e9786dc1666ac89d082e01bfddaaa749c

  • SHA512

    00744ac6765855d64c4ca9d77fbd68a6a9ab035308329d28acd0bd553c922f1c3638da7a8dcc8f40c24a29f8b804df6117b30b182a59d9d9661e19337e599490

  • SSDEEP

    3072:XP9D2JK8J7jEpZsahrBZ4mqOuI4v3/KW47X4wSxhxbVmg6hF79pLKj83wg9CVmtd:Rtes

  Score

  10^/10

  evasionpersistencetrojan

  • Modifies WinLogon for persistence

    persistence

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2