Extracted

• • Target

    RtlUpd.dll.exe

  • Size

    62KB

  • MD5

    c16bdc61bbc82e9668f8cee9cc5c94c5

  • SHA1

    c2f98475c7be3064e0b294ef546f57d3c3a1e267

  • SHA256

    6a195e6111c9a4b8c874d51937b53cd5b4b78efc32f7bb255012d05087586d8f

  • SHA512

    9337275916970bd88fb1de18959bf587e29147cf6198e3a242679b198cca26d7ddeeda2e893145058444e494048768ac33ce36e75a44fb84b4a0c50a3814faae

  • SSDEEP

    1536:yyMGpJvykUU0mVWUBmJyB1NjKOaSHGfuUF8u7J8NG3:nrpPUUXWXK1NoLfuQ8u7J8Nw

  Score

  10^/10

  warmcookiebackdoordiscovery

  • Warmcookie family

    warmcookie

  • Warmcookie, Badspace

    Warmcookie aka Badspace is a backdoor written in C++.

    backdoorwarmcookie

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  behavioral1behavioral2