General
Target: 671cd46d6fdad7e2b886cd2bb8abeb7191726e3f28743e9d71443e9b73d8f158
Size: 610KB
Sample: 250703-gpzbaat1cw
MD5: 636e49fc2f2e701b5ae9af1e02a265f4
SHA1: 10997780bff6d46b773cc1b77e3a4982581b9245
SHA256: 671cd46d6fdad7e2b886cd2bb8abeb7191726e3f28743e9d71443e9b73d8f158
SHA512: c9e5f232c3c1e68a485f6821165ae9433a448fa47416cf5bc1a21cbb5747cf08493223a3520e2ff8c04668a8888563d0439c8a2da6558d83c41a2d498daea82d
SSDEEP: 6144:O82p4pFHfzMepymgWPnviP6Koa0nArn20l96tCF2eKNBDRlC8HQQDhy5OwbYBwMv:Ip4pNfz3ymJnJ8QCFkxCaQTOlOM64L
Static task: static1
Behavioral task: behavioral1
  Sample: 671cd46d6fdad7e2b886cd2bb8abeb7191726e3f28743e9d71443e9b73d8f158.exe
  Resource: win10v2004-20250619-en
Behavioral task: behavioral2
  Sample: 671cd46d6fdad7e2b886cd2bb8abeb7191726e3f28743e9d71443e9b73d8f158.exe
  Resource: win11-20250619-en
Malware Config
Targets
Target: 671cd46d6fdad7e2b886cd2bb8abeb7191726e3f28743e9d71443e9b73d8f158
Score: 10/10
- Modifies WinLogon for persistence
- Drops startup file
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory