General

Target: cfa6f2082f8765e489c59290f1b1ef31.exe
Size: 357KB
Sample: 210418-3qaqm6r3bs
MD5: cfa6f2082f8765e489c59290f1b1ef31
SHA1: dbe9a5f1e7b6f333e8872c2233beb795396ea130
SHA256: 47b53753c746c7f218f59e32ebdf9e563d50a0eaab3e35c04e6a8e986eeebe36
SHA512: dd58406efecac7433185ad293f4d2a33a5572e1a6bb4c9d57bb805e694c771b9e11e83a1b3bbd7f8adcf5b2e02a40839a7734871df396780ac8a9d612b3919b7
Static task: static1
Behavioral task: behavioral1
Sample: cfa6f2082f8765e489c59290f1b1ef31.exe
Resource: win7v20210408
Malware Config
Targets
Suspicious use of NtCreateProcessExOtherParentProcess

Taurus Stealer Payload

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.