Overview

overview

8

Static

static

3

RDPWrap-v1.6.2.zip

windows7-x64

RDPWrap-v1.6.2.zip

windows10-2004-x64

1

RDPCheck.exe

windows7-x64

8

RDPCheck.exe

windows10-2004-x64

8

RDPConf.exe

windows7-x64

8

RDPConf.exe

windows10-2004-x64

8

RDPWInst.exe

windows7-x64

3

RDPWInst.exe

windows10-2004-x64

3

install.bat

windows7-x64

8

install.bat

windows10-2004-x64

8

uninstall.bat

windows7-x64

3

uninstall.bat

windows10-2004-x64

3

update.bat

windows7-x64

3

update.bat

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RDPWrap-v1.6.2.zip

  • Size

    1.5MB

  • Sample

    240919-d9pqsszbjq

  • MD5

    c26a2c5f6154225e8d83c4000306f162

  • SHA1

    67c586cedbf0852aa52268311841cbac5c96fdf8

  • SHA256

    35a9481ddbed5177431a9ea4bd09468fe987797d7b1231d64942d17eb54ec269

  • SHA512

    d0977bd568d05c20ae3a099a3b9eb44c5ea379060d1470832be933ae98cb517b68509ac0f8679242984e64aef75dc5de5e65f094795fcdc881427ae475fe7c51

  • SSDEEP

    49152:cPEbpqUPr0OMPjmNgyV24OXxr2/NV0CA7QUmu4LnB:cPEbpPPrC4gWFOBr4Wfg

Score
8/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      RDPWrap-v1.6.2.zip

    • Size

      1.5MB

    • MD5

      c26a2c5f6154225e8d83c4000306f162

    • SHA1

      67c586cedbf0852aa52268311841cbac5c96fdf8

    • SHA256

      35a9481ddbed5177431a9ea4bd09468fe987797d7b1231d64942d17eb54ec269

    • SHA512

      d0977bd568d05c20ae3a099a3b9eb44c5ea379060d1470832be933ae98cb517b68509ac0f8679242984e64aef75dc5de5e65f094795fcdc881427ae475fe7c51

    • SSDEEP

      49152:cPEbpqUPr0OMPjmNgyV24OXxr2/NV0CA7QUmu4LnB:cPEbpPPrC4gWFOBr4Wfg

    Score
    1/10
    behavioral1behavioral2

    • Target

      RDPCheck.exe

    • Size

      1021KB

    • MD5

      8f82226b2f24d470c02f6664f67f23f7

    • SHA1

      66f40824b406c748846ef11e6b022958f8cbe48b

    • SHA256

      5603338a1f8dbb46efb8e0869db3491d5db92f362711d6680f91ecc5d18bfadf

    • SHA512

      04bc1f785bddf264699fb6bf6fce9652af8c95872f8fef93540f0b86df2e93ced910f01dc54a76a5425d2f5446d587df6ad20d8976fc4be7e9ce3511eb4b00ee

    • SSDEEP

      12288:AR55BK3IsHoeGoE0SYmsjRwH/fD/sK3wzBOSdzIaVI99l/rk9gvQJg7:81KY2oeGTKRqPCBOSd0aVIHloI

    Score
    8/10
    discovery

    • Modifies RDP port number used by Windows

    behavioral3behavioral4

    • Target

      RDPConf.exe

    • Size

      1.0MB

    • MD5

      03fb8e478f4ba100d37a136231fa2f78

    • SHA1

      98685c37a6140701220c476449bee3f4e1fd28ef

    • SHA256

      3c0e5d6863b03283afda9bd188501757d47dc57fc4bba2bdbb0d9baa34487fe0

    • SHA512

      9d9052691c046e7268543b56c623ea2e9289f226b6c1f6449fbf5e2890f4b66d98e7bc312c663387d9f19d8f1b8b8959f9271fa0e2a51fc15791e29c49d908da

    • SSDEEP

      24576:JwewFB5btX9uALSTRMab+wBySRX7ADs9UXOAPOA:At9UMSJADsaXOAPOA

    Score
    8/10
    discovery

    • Modifies RDP port number used by Windows

    behavioral5behavioral6

    • Target

      RDPWInst.exe

    • Size

      1.4MB

    • MD5

      3288c284561055044c489567fd630ac2

    • SHA1

      11ffeabbe42159e1365aa82463d8690c845ce7b7

    • SHA256

      ac92d4c6397eb4451095949ac485ef4ec38501d7bb6f475419529ae67e297753

    • SHA512

      c25b28a340a23a9fa932aa95075f85fdd61880f29ef96f5179097b652f69434e0f1f8825e2648b2a0de1f4b0f9b8373080a22117974fcdf44112906d330fca02

    • SSDEEP

      24576:prKxoVT2iXc+IZ++6WiaTAsN/3ebTvK+63CWH8iA/iD2hgPjcC8SVdKumYr7:EHZ5pdqYH8ia6GcKuR7

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      install.bat

    • Size

      458B

    • MD5

      cbad5b2ca73917006791882274f769e8

    • SHA1

      64f0a16503bf751eef0c52ec85e6e2df30306c97

    • SHA256

      022364ee1fce61c8a867216c79f223bf47692cd648e3fd6b244fc615b86e4c58

    • SHA512

      bebdcc403d0ec41aa53b4b1ac89806d77e1a52bf786eaccdbdf3a43a2ee8c42065c71a7f86f661511a1102105cc5fef9c1d58d711e7adb8c57b9b1d1ff5bc536

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Server Software Component: Terminal Services DLL

      persistence

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral10behavioral9

    • Target

      uninstall.bat

    • Size

      249B

    • MD5

      eccb8a01d0427ef29c2380d7dda399f3

    • SHA1

      302601e99d6b02e2e84a0de5c0dce3df139cba31

    • SHA256

      083cd340c800cc021d4a59388680ce0e7ab0f8b998e67def6a507070e7fa01b7

    • SHA512

      78d51882fe04cb64f9f6a82b604ef20e4324e5bc37701747fa55b3c153baa5942774daf737ff204f9e75e81a745ed95cc7ec115da91b9e27e646ed41d3f103f9

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      update.bat

    • Size

      249B

    • MD5

      29ca1c35075247b035af75c11cab78f1

    • SHA1

      4f670d13d7532462f4b1e66d085ef8b9f065ff88

    • SHA256

      353f2dc17a4e80564caa175f7170dbedc1b40f704444520ae671f78a5d1f2b6d

    • SHA512

      3970adc72020194f93935fad2c17790170da7f0f4444e2bfc402f9924fdceaa4b6443e9871c3b8cda24089b84cbdcf185f0d31238c0be93c58e280cf36ab71a7

    Score
    3/10
    discovery
    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks