General
-
Target
d30896edbec33b0a143e60e5588d7304998614b8a4400cc9a5d37e5b75210a97N.exe
-
Size
97KB
-
Sample
241201-s4fchazkeq
-
MD5
35d32ac777d694188d6bd2a89e541250
-
SHA1
6ee4cebbfc71483cd19e6dd01eceaa583cf976a1
-
SHA256
d30896edbec33b0a143e60e5588d7304998614b8a4400cc9a5d37e5b75210a97
-
SHA512
4e2ac2282653247db5ab6983292b7fb529a86286ca868cef6b2ceb70450ec870a266eb8c21467a4eb04035fd0fc71ce5ffb36d2d0986233bdb1e6c2471ae5702
-
SSDEEP
3072:MwavFbFSymUJlum6XhJTeiWswHQVcScs7e3/0o:MnvFbFfV7udxteiWpQVcEe3M
Behavioral task
behavioral1
Sample
d30896edbec33b0a143e60e5588d7304998614b8a4400cc9a5d37e5b75210a97N.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
d30896edbec33b0a143e60e5588d7304998614b8a4400cc9a5d37e5b75210a97N.exe
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Possible privilege escalation attempt
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Deletes itself
-
Modifies file permissions
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-