General

  • Target: Real TIme Protect.exe
  • Size: 7.1MB
  • Sample: 240504-l35gnsdd55
  • MD5: a272fb1a6ee8719b9650001aa4ca3a7a
  • SHA1: 56a54bd4ed8a950f988e7ed44851482ec6d64b3d
  • SHA256: 37fc72eb0f2a09cfc1e0c11c2ae2ad11706fc4a8cf1745d99b3187615ab40cbc
  • SHA512: b6b65f1e7078a0c1789343754d552df083a5ec0d6425e505a2c70f4a4d0a4e4e5eea725c24c3b2a3c28a2abbd4cbb42054faf49effa7d44bae79823b9b5cddf6
  • SSDEEP: 196608:isxWA1HeT39IigleE9TFa0Z8DOjCdylIornzbQWa0kxA:F1+TtIiHY9Z8D8CclnDnw7xA

Targets

    • Target: Real TIme Protect.exe
    • Size: 7.1MB
    • MD5: a272fb1a6ee8719b9650001aa4ca3a7a
    • SHA1: 56a54bd4ed8a950f988e7ed44851482ec6d64b3d
    • SHA256: 37fc72eb0f2a09cfc1e0c11c2ae2ad11706fc4a8cf1745d99b3187615ab40cbc
    • SHA512: b6b65f1e7078a0c1789343754d552df083a5ec0d6425e505a2c70f4a4d0a4e4e5eea725c24c3b2a3c28a2abbd4cbb42054faf49effa7d44bae79823b9b5cddf6
    • SSDEEP: 196608:isxWA1HeT39IigleE9TFa0Z8DOjCdylIornzbQWa0kxA:F1+TtIiHY9Z8D8CclnDnw7xA

    Score: 8/10

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Commonly used to allow simultaneous RDP sessions.
