General

  • Target

    rcedit-x64.exe

  • Size

    1.3MB

  • Sample

    240706-glt76axemj

  • MD5

    e0cb28bf051d6311c1dca32f392c7d5e

  • SHA1

    d210d5297a17a15deec1c19359b6f9fe1861092e

  • SHA256

    3e7801db1a5edbec91b49a24a094aad776cb4515488ea5a4ca2289c400eade2a

  • SHA512

    c13e7ffd60169c348e16a3ea59a171c1777acdb241f950c11a6e9b69c955a3a4eb3432182aee7f489a87a555d0bd51fde3b597826f7c1e6488f1f5097359ab4d

  • SSDEEP

    12288:FT8MNbCKEQibPsFC8KQiQE2EEKE3N47wLIFaVGO0B/FvrC0R1qKNlKbNbGEzET1N:vbCs3gfEQT1UtsocI/+c

Malware Config

Targets

    • Target

      rcedit-x64.exe

    • Drops file in Drivers directory

    • Loads dropped DLL

    • Drops autorun.inf file

      An autorun.inf placed in the root of a volume tells Windows AutoRun/AutoPlay what to execute or display when that volume is attached or opened. Malware drops one so that it is carried to, and launched from, other hosts via removable or mapped volumes (ATT&CK T1091).

    • Drops file in System32 directory
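A triage check that follows from the autorun.inf signature above: parse the dropped file and pull out the entries that would execute code (open=, shellexecute=, shell\verb\command=) versus the ones that only disguise the volume (icon=, label=, action=). The script below is an added example, not output or code from the sandbox report, and the embedded autorun.inf is constructed for illustration rather than the file this sample actually wrote. Windows versions since the 2011 AutoRun update only honour autorun.inf from optical media by default, so on a modern host the file is mainly an indicator of the propagation tactic and a pointer to the payload it names.

```python
"""Parse an autorun.inf and flag entries that cause code execution.

Added example (not part of the sandbox report). The sample text below is
constructed for illustration; it is not the autorun.inf dropped by this sample.
"""
import configparser
import sys
from typing import Dict, List, Set, Tuple

# Keys Windows uses to decide what to run when the volume is opened/inserted.
EXEC_KEYS = {"open", "shellexecute"}
# Keys that only change how the volume is presented (used to lure a click).
DISPLAY_KEYS = {"icon", "label", "action"}

# Constructed sample, not observed content.
SAMPLE_AUTORUN = """[autorun]
; constructed sample for illustration only
open=setup.exe /s
shellexecute=setup.exe
shell\\open\\command=setup.exe
shell=open
icon=%SystemRoot%\\system32\\shell32.dll,4
label=Removable Disk
action=Open folder to view files
"""


def parse_autorun(text: str) -> Dict[str, Dict[str, str]]:
    """Return {section: {key: value}} for every [autorun*] section.

    autorun.inf is INI-style: ';' starts a comment, keys are case-insensitive,
    and architecture-specific sections such as [autorun.amd64] may exist.
    """
    cp = configparser.ConfigParser(
        interpolation=None,   # values may contain '%SystemRoot%' literally
        strict=False,         # tolerate duplicate keys (last one wins)
        allow_no_value=True,  # tolerate lines without '='
        delimiters=("=",),    # ':' is not a delimiter in INF files
    )
    cp.optionxform = str.lower
    cp.read_string(text.lstrip("\ufeff"))  # drop a UTF-8 BOM if present
    return {
        s.lower(): {k: (v or "").strip() for k, v in cp.items(s)}
        for s in cp.sections()
        if s.lower().startswith("autorun")
    }


def command_target(value: str) -> str:
    """First token of a command line: the program Windows would launch."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    return v.split()[0] if v else ""


def assess_autorun(text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, 'section:key', detail) for each interesting entry."""
    findings: List[Tuple[str, str, str]] = []
    for section, entries in parse_autorun(text).items():
        for key, value in entries.items():
            where = f"{section}:{key}"
            if key in EXEC_KEYS:
                findings.append(("high", where, f"runs {command_target(value)!r}"))
            elif key.startswith("shell\\") and key.endswith("\\command"):
                verb = key.split("\\")[1]
                findings.append(("high", where, f"verb {verb!r} runs {command_target(value)!r}"))
            elif key == "shell":
                findings.append(("medium", where, f"default verb set to {value!r}"))
            elif key in DISPLAY_KEYS:
                findings.append(("low", where, f"presentation override: {value!r}"))
    return findings


def execution_targets(text: str) -> Set[str]:
    """Executables referenced by any code-executing entry (the payload to pull)."""
    targets: Set[str] = set()
    for section, entries in parse_autorun(text).items():
        for key, value in entries.items():
            if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                targets.add(command_target(value))
    return targets


if __name__ == "__main__":
    # Usage: python autorun_check.py [path/to/autorun.inf]; defaults to the sample.
    data = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_AUTORUN
    for sev, where, detail in assess_autorun(data):
        print(f"[{sev:6}] {where}: {detail}")
    print("targets to retrieve from the volume:", sorted(execution_targets(data)))
```

Feed it the autorun.inf recovered from the sandbox's dropped-files list (or from an infected volume) and collect the named targets alongside the files the report shows landing in Drivers and System32; those are the artefacts to hash and hunt for.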

MITRE ATT&CK Matrix (ATT&CK v13)

Numbers in parentheses are the report's per-technique hit counts.

Initial Access

  • Replication Through Removable Media, T1091 (1)

Persistence

  • Event Triggered Execution, T1546 (1)

    • Accessibility Features, T1546.008 (1)

Privilege Escalation

  • Event Triggered Execution, T1546 (1)

    • Accessibility Features, T1546.008 (1)

Defense Evasion

  • Hide Artifacts, T1564 (1)

    • Resource Forking, T1564.009 (1)

  • Modify Registry, T1112 (1)

Lateral Movement

  • Replication Through Removable Media, T1091 (1)

Treat this mapping as heuristic: it is derived from the file-write and registry signatures above rather than from observed execution of the dropped files. In particular, T1564.009 Resource Forking is a macOS-only sub-technique in ATT&CK, so its appearance for a Windows PE is a mapping artefact, not observed behaviour.

Tasks