General
Target: sidchg64-3.0j.exe
Size: 1.6MB
Sample: 240310-jpn7esga8y
MD5: 0985a28d3bd60aac4320e4bb8418623b
SHA1: ccf81ecdce7939fd4cc9d7b40877ced3987b95c0
SHA256: d2c3d560a6ad7e714992483ce7044999ed7e56990076a019e530eaa399f5c6cf
SHA512: 7d251b6c9353b4b68b08a29d3301fb330127371a633b43e2c345b70f6440fdaa7b7666889f80efca05a8376616b0a7afdac7e4b24bbf582b35b555b0015e05f1
SSDEEP: 24576:PiOv0tuHBEwdjEaZJVamphU9hDe/1Cdc0LQgTjCQyQwodrtDTHf66bmIHYV6O:Pi8VxdjEabpGD8bE5yQwodrtDT/lK6O
Static task: static1
Behavioral task: behavioral1 (sample: sidchg64-3.0j.exe; resource: win7-20240221-en)
Behavioral task: behavioral2 (sample: sidchg64-3.0j.exe; resource: win10v2004-20240226-en)
Malware Config
Targets
Score: 10/10
- Modifies firewall policy service
- Modifies security service
- Modifies RDP port number used by Windows
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Modifies WinLogon
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)