General
-
Target
Radmin_VPN_1.4.4642.1.exe
-
Size
20.8MB
-
Sample
241121-afvs6s1lbk
-
MD5
5d8706970dd725471dcbc5acb4dbddce
-
SHA1
c86dad0644fe6b38351fe16add60b12444e23fd0
-
SHA256
8ca04d27ef8c28e0edac3b740ebe7fb8839b4794752a0d359ae18de22fc6be35
-
SHA512
4a284ca5026cdb7dea9d860e51d141447b572d86dcc16bbe831416fb52a7d0ef8390aafd1b141842196c758208e461cfb013ff2e3e44774e022795b94e4ade74
-
SSDEEP
393216:qU5RvYB6GOGkAj3Xb2gEq5xWeZYz9YmgvDxvW1m1ck1UYLFOit:HrGdOGjj3XiLixb6z+mgvdvfeYL00
Malware Config
Targets
-
-
Target
Radmin_VPN_1.4.4642.1.exe
-
Size
20.8MB
-
MD5
5d8706970dd725471dcbc5acb4dbddce
-
SHA1
c86dad0644fe6b38351fe16add60b12444e23fd0
-
SHA256
8ca04d27ef8c28e0edac3b740ebe7fb8839b4794752a0d359ae18de22fc6be35
-
SHA512
4a284ca5026cdb7dea9d860e51d141447b572d86dcc16bbe831416fb52a7d0ef8390aafd1b141842196c758208e461cfb013ff2e3e44774e022795b94e4ade74
-
SSDEEP
393216:qU5RvYB6GOGkAj3Xb2gEq5xWeZYz9YmgvDxvW1m1ck1UYLFOit:HrGdOGjj3XiLixb6z+mgvdvfeYL00
Score10/10-
Modifies security service
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Windows Firewall
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2