General
-
Target
6e20c8b9971098d2110172265c04540d
-
Size
12.5MB
-
Sample
201117-clzn4jnxma
-
MD5
8ae48237b26112bebf0985683e8f5c25
-
SHA1
8a437c29fb59fe43daf2877d250ee297d832ad68
-
SHA256
b4c8c07cb2c56f7ab878ed46e38f7359f823e9f533b921bcb7e0740b8ab370b2
-
SHA512
ac5da81fffac28b91f02458c6c45a1734821983bc7c47f78f27ee6556c24f4f0ce3f5c570cebbeb422d52001f7bad810d19c815a289df189529c6e8551ca5a24
Malware Config
Targets
-
-
Target
6e20c8b9971098d2110172265c04540d
-
Size
12.5MB
-
MD5
8ae48237b26112bebf0985683e8f5c25
-
SHA1
8a437c29fb59fe43daf2877d250ee297d832ad68
-
SHA256
b4c8c07cb2c56f7ab878ed46e38f7359f823e9f533b921bcb7e0740b8ab370b2
-
SHA512
ac5da81fffac28b91f02458c6c45a1734821983bc7c47f78f27ee6556c24f4f0ce3f5c570cebbeb422d52001f7bad810d19c815a289df189529c6e8551ca5a24
Score9/10-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-