General
Target: spoofer.exe
Size: 9.4MB
Sample: 240331-3cqdhafd82
MD5: 80ec9fe0e6a95907f78b6038623c8618
SHA1: 42b44edc959f80a9a5a48e2aca4104912044b891
SHA256: e9444aab090e91374385729b93f05668504a966d2bb00b516dfd6abb961f4c0f
SHA512: e66550f70b85ca12c51b8a6cc91b370a7f4d734c19ae20c1f4a8f9495cc9222cefe0202ca016c1b14ce71ab6bfc4211c1d7c897493f12eae1ff4ebfaaeb77e90
SSDEEP: 196608:l2bKBGvNyjWR+hQU8sKmgpHT97KnGNJQdVBuk7Tt2fMcto:GEoYjWnsbSx7mGn+AqxPcto
Static task: static1
Behavioral task: behavioral1
Sample: spoofer.exe
Resource: win10-20240221-en
Malware Config
Targets
Target: spoofer.exe
Score: 10/10
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
- Nirsoft
- Drops file in Drivers directory
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory