35a9481ddbed5177431a9ea4bd09468fe987797d7b1231d64942d17eb54ec269

General

Target

RDPWrap-v1.6.2.zip
Size

1.5MB
Sample

240919-d782nazalr
MD5

c26a2c5f6154225e8d83c4000306f162
SHA1

67c586cedbf0852aa52268311841cbac5c96fdf8
SHA256

35a9481ddbed5177431a9ea4bd09468fe987797d7b1231d64942d17eb54ec269
SHA512

d0977bd568d05c20ae3a099a3b9eb44c5ea379060d1470832be933ae98cb517b68509ac0f8679242984e64aef75dc5de5e65f094795fcdc881427ae475fe7c51
SSDEEP

49152:cPEbpqUPr0OMPjmNgyV24OXxr2/NV0CA7QUmu4LnB:cPEbpPPrC4gWFOBr4Wfg

Score

8^/10

Malware Config

Targets

- Target
  
  RDPCheck.exe
- Size
  
  1021KB
- MD5
  
  8f82226b2f24d470c02f6664f67f23f7
- SHA1
  
  66f40824b406c748846ef11e6b022958f8cbe48b
- SHA256
  
  5603338a1f8dbb46efb8e0869db3491d5db92f362711d6680f91ecc5d18bfadf
- SHA512
  
  04bc1f785bddf264699fb6bf6fce9652af8c95872f8fef93540f0b86df2e93ced910f01dc54a76a5425d2f5446d587df6ad20d8976fc4be7e9ce3511eb4b00ee
- SSDEEP
  
  12288:AR55BK3IsHoeGoE0SYmsjRwH/fD/sK3wzBOSdzIaVI99l/rk9gvQJg7:81KY2oeGTKRqPCBOSd0aVIHloI
Score

8^/10

discovery
- Modifies RDP port number used by Windows
behavioral1
- Target
  
  RDPConf.exe
- Size
  
  1.0MB
- MD5
  
  03fb8e478f4ba100d37a136231fa2f78
- SHA1
  
  98685c37a6140701220c476449bee3f4e1fd28ef
- SHA256
  
  3c0e5d6863b03283afda9bd188501757d47dc57fc4bba2bdbb0d9baa34487fe0
- SHA512
  
  9d9052691c046e7268543b56c623ea2e9289f226b6c1f6449fbf5e2890f4b66d98e7bc312c663387d9f19d8f1b8b8959f9271fa0e2a51fc15791e29c49d908da
- SSDEEP
  
  24576:JwewFB5btX9uALSTRMab+wBySRX7ADs9UXOAPOA:At9UMSJADsaXOAPOA
Score

8^/10

discovery
- Modifies RDP port number used by Windows
behavioral2
- Target
  
  RDPWInst.exe
- Size
  
  1.4MB
- MD5
  
  3288c284561055044c489567fd630ac2
- SHA1
  
  11ffeabbe42159e1365aa82463d8690c845ce7b7
- SHA256
  
  ac92d4c6397eb4451095949ac485ef4ec38501d7bb6f475419529ae67e297753
- SHA512
  
  c25b28a340a23a9fa932aa95075f85fdd61880f29ef96f5179097b652f69434e0f1f8825e2648b2a0de1f4b0f9b8373080a22117974fcdf44112906d330fca02
- SSDEEP
  
  24576:prKxoVT2iXc+IZ++6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:EHZ5pdqYH8ia6GcKuR7
Score

3^/10

discovery
behavioral3
- Target
  
  install.bat
- Size
  
  458B
- MD5
  
  cbad5b2ca73917006791882274f769e8
- SHA1
  
  64f0a16503bf751eef0c52ec85e6e2df30306c97
- SHA256
  
  022364ee1fce61c8a867216c79f223bf47692cd648e3fd6b244fc615b86e4c58
- SHA512
  
  bebdcc403d0ec41aa53b4b1ac89806d77e1a52bf786eaccdbdf3a43a2ee8c42065c71a7f86f661511a1102105cc5fef9c1d58d711e7adb8c57b9b1d1ff5bc536
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Server Software Component: Terminal Services DLL
  persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral4
- Target
  
  uninstall.bat
- Size
  
  249B
- MD5
  
  eccb8a01d0427ef29c2380d7dda399f3
- SHA1
  
  302601e99d6b02e2e84a0de5c0dce3df139cba31
- SHA256
  
  083cd340c800cc021d4a59388680ce0e7ab0f8b998e67def6a507070e7fa01b7
- SHA512
  
  78d51882fe04cb64f9f6a82b604ef20e4324e5bc37701747fa55b3c153baa5942774daf737ff204f9e75e81a745ed95cc7ec115da91b9e27e646ed41d3f103f9
Score

3^/10

discovery
behavioral5
- Target
  
  update.bat
- Size
  
  249B
- MD5
  
  29ca1c35075247b035af75c11cab78f1
- SHA1
  
  4f670d13d7532462f4b1e66d085ef8b9f065ff88
- SHA256
  
  353f2dc17a4e80564caa175f7170dbedc1b40f704444520ae671f78a5d1f2b6d
- SHA512
  
  3970adc72020194f93935fad2c17790170da7f0f4444e2bfc402f9924fdceaa4b6443e9871c3b8cda24089b84cbdcf185f0d31238c0be93c58e280cf36ab71a7
Score

3^/10

discovery
behavioral6