General
-
Target
e4b86908861cd469bcba966d7230537ea1d0727d46c4fc8cb1262cced20f5b7c
-
Size
15.9MB
-
Sample
241121-p3zszawraj
-
MD5
d3c16cede9b6e4ee304a0184328d313d
-
SHA1
bd82838a3cc343956ecce4d5051b510dd941de11
-
SHA256
e4b86908861cd469bcba966d7230537ea1d0727d46c4fc8cb1262cced20f5b7c
-
SHA512
284c38ba1a8ce4120120eb89a8e17bcbb6c3d18874c189d65812e767a111883813163ab614d5de802b5ee2fe774143a84017399508c24ac061029828d3046f6b
-
SSDEEP
393216:fwibRRlK6/C+1ZDpHKG1cVWNEtW5I+L11k2OEin:f7RllK+LlaaSW5zL1ypEin
Malware Config
Targets
-
-
Target
e4b86908861cd469bcba966d7230537ea1d0727d46c4fc8cb1262cced20f5b7c
-
Size
15.9MB
-
MD5
d3c16cede9b6e4ee304a0184328d313d
-
SHA1
bd82838a3cc343956ecce4d5051b510dd941de11
-
SHA256
e4b86908861cd469bcba966d7230537ea1d0727d46c4fc8cb1262cced20f5b7c
-
SHA512
284c38ba1a8ce4120120eb89a8e17bcbb6c3d18874c189d65812e767a111883813163ab614d5de802b5ee2fe774143a84017399508c24ac061029828d3046f6b
-
SSDEEP
393216:fwibRRlK6/C+1ZDpHKG1cVWNEtW5I+L11k2OEin:f7RllK+LlaaSW5zL1ypEin
Score10/10-
Modifies security service
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-