The analyzed malware exhibits advanced behaviors indicative of a sophisticated payload. The behavioral analysis reveals significant activity such as allocating and modifying memory protections (PAGE_EXECUTE_READWRITE) via NtProtectVirtualMemory and creating executable files in the AppData directory. It also establishes persistence through registry modifications for autorun (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\acplec.) and deletes traces of its execution. Functionally, the malware employs packing techniques (high entropy sections) and anti-virtualization measures by detecting virtual network adapters. Additionally, privilege escalation attempts are evident with SeDebugPrivilege and other high-level system privileges. From a network perspective, it engages in UDP communication to multiple multicast destinations, possibly for command and control (C2) or data exfiltration. These characteristics suggest a highly obfuscated and potentially evasive threat targeting system integrity and confidentiality.
