Trojan.MulDrop24.35135

Technical Information

Malicious functions

Executes the following

'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\setup_1.0.5.1360.exe" "setup_1.0.5.1360.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\mpam-feX64.exe" "mpam-feX64.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\360TS_Setup_Mini.exe" "360TS_Setup_Mini.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Sandboxie-Plus-x64-v1.12.3.exe" "Sandboxie-Plus-x64-v1.12.3.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\zafwSetupWeb_158_213_19411.exe" "zafwSetupWeb_158_213_19411.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\dpsetup_en.exe" "dpsetup_en.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\AutoLogger.exe" "AutoLogger.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Teams_windows_x64.exe" "Teams_windows_x64.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\eset_nod32_antivirus_live_installer.exe" "eset_nod32_antivirus_live_installer.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\AnyDesk.exe" "AnyDesk.exe" ENABLE
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Pro32 Getscreen Dashboard (beta) Setup.exe" "Pro32 Getscreen Dashboard (beta) Setup.exe" ENABLE

Modifies file system

Creates the following files

<Current directory>\360cse_official_13.5.2044.0.exe
<Current directory>\norton_secure_browser_setup.exe
<Current directory>\pro32 getscreen dashboard (beta) setup.exe
<Current directory>\rcsetup153.exe
<Current directory>\sandboxie-plus-x64-v1.12.3.exe
<Current directory>\setup_1.0.5.1360.exe
<Current directory>\teams_windows_x64.exe
<Current directory>\windows10upgrade9252.exe
<Current directory>\zafwsetupweb_158_213_19411.exe
<Current directory>\zoominstaller.exe
%TEMP%\adguardinstaller.exe
%TEMP%\cispremium_installer.exe
%TEMP%\360ts_setup_mini.exe
%TEMP%\eset_nod32_antivirus_live_installer.exe
%TEMP%\anydesk.exe
%TEMP%\autologger.exe
%TEMP%\zafwsetupweb_158_213_19411.exe
%TEMP%\norton_secure_browser_setup.exe
%TEMP%\compass-win.exe
%TEMP%\getsusp64.exe
%TEMP%\avira_ru_asu80.exe
%TEMP%\glasswiresetup.exe
%TEMP%\setup_1.0.5.1360.exe
%TEMP%\dpsetup_en.exe
%TEMP%\mpam-fex64.exe
%TEMP%\rcsetup153.exe
%TEMP%\kaspersky4win202121.15.8.493ru_42131.exe
%TEMP%\windows10upgrade9252.exe
%TEMP%\zoominstaller.exe
%TEMP%\teams_windows_x64.exe
%TEMP%\disk-o_setup.exe
%TEMP%\sandboxie-plus-x64-v1.12.3.exe
%TEMP%\ashampoo backup 2023.exe
<Current directory>\mpam-fex64.exe
<Current directory>\kaspersky4win202121.15.8.493ru_42131.exe
<Current directory>\glasswiresetup.exe
<Current directory>\cav_installer.exe
<Current directory>\chromodosetup.exe
<Current directory>\coccocsetup.exe
<Current directory>\signalsetup.exe
<Current directory>\adawaresafebrowser.exe
<Current directory>\avg_secure_browser_setup.exe
<Current directory>\aol_shield.exe
<Current directory>\icedragonsetup.exe
<Current directory>\ciscomplete_installer.exe
<Current directory>\ccleaner_browser_setup.exe
<Current directory>\yandex.exe
<Current directory>\dragonsetup.exe
<Current directory>\skype-8.110.0.218.exe
<Current directory>\setup-volga.exe
<Current directory>\ccav_installer.exe
<Current directory>\getscreen.exe
<Current directory>\firefox setup 115.5.0esr.exe
<Current directory>\eset_nod32_antivirus_live_installer.exe
<Current directory>\dpsetup_en.exe
<Current directory>\disk-o_setup.exe
<Current directory>\compass-win.exe
<Current directory>\cispremium_installer.exe
<Current directory>\avira_ru_asu80.exe
<Current directory>\ashampoo backup 2023.exe
<Current directory>\autologger.exe
<Current directory>\anydesk.exe
<Current directory>\adguardinstaller.exe
<Current directory>\360ts_setup_mini.exe
<Current directory>\ccsetup619.exe
<Current directory>\cfw_installer.exe
<Current directory>\avast_secure_browser_setup.exe
<Current directory>\getsusp64.exe
%TEMP%\pro32 getscreen dashboard (beta) setup.exe

Sets the 'hidden' attribute to the following files

<Current directory>\autologger.exe
<Current directory>\windows10upgrade9252.exe
<Current directory>\anydesk.exe
<Current directory>\360ts_setup_mini.exe
<Current directory>\zafwsetupweb_158_213_19411.exe
<Current directory>\kaspersky4win202121.15.8.493ru_42131.exe
<Current directory>\adguardinstaller.exe
<Current directory>\norton_secure_browser_setup.exe
<Current directory>\sandboxie-plus-x64-v1.12.3.exe
<Current directory>\disk-o_setup.exe
<Current directory>\teams_windows_x64.exe
<Current directory>\glasswiresetup.exe
<Current directory>\rcsetup153.exe
<Current directory>\dpsetup_en.exe
<Current directory>\avira_ru_asu80.exe
<Current directory>\compass-win.exe
<Current directory>\getsusp64.exe
<Current directory>\zoominstaller.exe
<Current directory>\cispremium_installer.exe
<Current directory>\eset_nod32_antivirus_live_installer.exe
<Current directory>\setup_1.0.5.1360.exe
<Current directory>\mpam-fex64.exe
<Current directory>\ashampoo backup 2023.exe
<Current directory>\pro32 getscreen dashboard (beta) setup.exe

Miscellaneous

Searches for the following windows

ClassName: 'EDIT' WindowName: ''

Creates and executes the following

'<Current directory>\360cse_official_13.5.2044.0.exe'
'%TEMP%\teams_windows_x64.exe'
'<Current directory>\disk-o_setup.exe'
'%TEMP%\360ts_setup_mini.exe'
'%TEMP%\mpam-fex64.exe'
'%TEMP%\dpsetup_en.exe'
'%TEMP%\setup_1.0.5.1360.exe'
'<Current directory>\anydesk.exe'
'<Current directory>\adguardinstaller.exe'
'<Current directory>\360ts_setup_mini.exe'
'<Current directory>\dpsetup_en.exe'
'<Current directory>\compass-win.exe'
'<Current directory>\rcsetup153.exe'
'<Current directory>\ashampoo backup 2023.exe'
'%TEMP%\eset_nod32_antivirus_live_installer.exe'
'%TEMP%\sandboxie-plus-x64-v1.12.3.exe'
'%TEMP%\kaspersky4win202121.15.8.493ru_42131.exe'
'%TEMP%\adguardinstaller.exe'
'%TEMP%\cispremium_installer.exe'
'%TEMP%\disk-o_setup.exe'
'%TEMP%\rcsetup153.exe'
'%TEMP%\norton_secure_browser_setup.exe'
'%TEMP%\zoominstaller.exe'
'%TEMP%\glasswiresetup.exe'
'%TEMP%\autologger.exe'
'<Current directory>\sandboxie-plus-x64-v1.12.3.exe'
'%TEMP%\compass-win.exe'
'%TEMP%\windows10upgrade9252.exe'
'%TEMP%\getsusp64.exe'
'%TEMP%\avira_ru_asu80.exe'
'%TEMP%\anydesk.exe'
'%TEMP%\ashampoo backup 2023.exe'
'%TEMP%\pro32 getscreen dashboard (beta) setup.exe'
'<Current directory>\zoominstaller.exe'
'%TEMP%\zafwsetupweb_158_213_19411.exe'
'<Current directory>\windows10upgrade9252.exe'
'<Current directory>\getscreen.exe'
'<Current directory>\aol_shield.exe'
'<Current directory>\yandex.exe'
'<Current directory>\chromodosetup.exe'
'<Current directory>\coccocsetup.exe'
'<Current directory>\signalsetup.exe'
'<Current directory>\dragonsetup.exe'
'<Current directory>\adawaresafebrowser.exe'
'<Current directory>\icedragonsetup.exe'
'<Current directory>\ccav_installer.exe'
'<Current directory>\ciscomplete_installer.exe'
'<Current directory>\ccleaner_browser_setup.exe'
'<Current directory>\zafwsetupweb_158_213_19411.exe'
'<Current directory>\skype-8.110.0.218.exe'
'<Current directory>\avg_secure_browser_setup.exe'
'<Current directory>\avast_secure_browser_setup.exe'
'<Current directory>\cav_installer.exe'
'<Current directory>\ccsetup619.exe'
'<Current directory>\kaspersky4win202121.15.8.493ru_42131.exe'
'<Current directory>\setup_1.0.5.1360.exe'
'<Current directory>\teams_windows_x64.exe'
'<Current directory>\getsusp64.exe'
'<Current directory>\firefox setup 115.5.0esr.exe'
'<Current directory>\norton_secure_browser_setup.exe'
'<Current directory>\mpam-fex64.exe'
'<Current directory>\eset_nod32_antivirus_live_installer.exe'
'<Current directory>\setup-volga.exe'
'<Current directory>\cfw_installer.exe'
'<Current directory>\glasswiresetup.exe'
'<Current directory>\autologger.exe'
'<Current directory>\cispremium_installer.exe'
'<Current directory>\avira_ru_asu80.exe'
'<Current directory>\pro32 getscreen dashboard (beta) setup.exe'
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\zafwSetupWeb_158_213_19411.exe" "zafwSetupWeb_158_213_19411.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\eset_nod32_antivirus_live_installer.exe" "eset_nod32_antivirus_live_installer.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\AutoLogger.exe" "AutoLogger.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\dpsetup_en.exe" "dpsetup_en.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\AnyDesk.exe" "AnyDesk.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Sandboxie-Plus-x64-v1.12.3.exe" "Sandboxie-Plus-x64-v1.12.3.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\mpam-feX64.exe" "mpam-feX64.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\setup_1.0.5.1360.exe" "setup_1.0.5.1360.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\360TS_Setup_Mini.exe" "360TS_Setup_Mini.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Teams_windows_x64.exe" "Teams_windows_x64.exe" ENABLE' (with hidden window)
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Pro32 Getscreen Dashboard (beta) Setup.exe" "Pro32 Getscreen Dashboard (beta) Setup.exe" ENABLE' (with hidden window)

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial