General
-
Target
ScreenConnect.Client.exe
-
Size
84KB
-
Sample
240319-g6hd4ada6t
-
MD5
8fb783a169a6188debdc8c1e42d07e31
-
SHA1
e3ec03235a13e1f9e45187d117532f2d68d2429c
-
SHA256
9981ed7c447e9ac114f710b6af2fa30413bfe8013863cd317b80e43c166ccca6
-
SHA512
c63233681b8fde84d9de845dba66fddf52e378e20d8da896d9e0acc10a1a316dd3aa7c98ecd43781d2d17fac52a7b21bf374bbc437c6143ea66bcb6adb5f2676
-
SSDEEP
1536:+azWlKzJVcNp++yQNS6xNNCT2l8NE8llbpTaCJRpsWr6cdaQTJSvYYS7Q8x6:yFNpo6rIKlUE8fbkqRfbaQlaYYS6
Static task
static1
Behavioral task
behavioral1
Sample
ScreenConnect.Client.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ScreenConnect.Client.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
ScreenConnect.Client.exe
-
Score
8/10
-
Downloads MZ/PE file
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys to make their binary appear valid.
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-