General
-
Target
d54380f953e1ec9581130143c4922eb5
-
Size
243KB
-
Sample
240319-fnjzjabb2x
-
MD5
d54380f953e1ec9581130143c4922eb5
-
SHA1
79d16728373632ce6ff1153541f0323085069539
-
SHA256
99200990542dee7794486cd828fa4883502037d620a39be5eb16beb94085b2b2
-
SHA512
c8a6c2e1ba703a3d7c5313a6f87f81c2ba8a5302e661c84b8af2d61d7b4472c0e7e6369cbe56ef1c460b698ce6bbe78fc9229e4d4030a1a2708d310f98b4fb97
-
SSDEEP
6144:N0/4jkcyqO3YcK7fD2RysX+001urGFCbeY/B0ZiLwkTFG:W/4TyT8KRQ000UKlp+oTF
Malware Config
Targets
-
-
Target
d54380f953e1ec9581130143c4922eb5
-
Size
243KB
-
MD5
d54380f953e1ec9581130143c4922eb5
-
SHA1
79d16728373632ce6ff1153541f0323085069539
-
SHA256
99200990542dee7794486cd828fa4883502037d620a39be5eb16beb94085b2b2
-
SHA512
c8a6c2e1ba703a3d7c5313a6f87f81c2ba8a5302e661c84b8af2d61d7b4472c0e7e6369cbe56ef1c460b698ce6bbe78fc9229e4d4030a1a2708d310f98b4fb97
-
SSDEEP
6144:N0/4jkcyqO3YcK7fD2RysX+001urGFCbeY/B0ZiLwkTFG:W/4TyT8KRQ000UKlp+oTF
Score10/10-
Modifies WinLogon for persistence
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-