General
- Target: 595C00BF9CA4BAA42B4490F2782CF2D3.exe
- Size: 1.1MB
- Sample: 210611-ezj8ccjy3a
- MD5: 595c00bf9ca4baa42b4490f2782cf2d3
- SHA1: d1441cc336655f36efc3db070f84701a1f68e51a
- SHA256: 6884ac9f82a44a7702c4807deec1640b66eb71f6c750dd0ca1d5d78632e626b5
- SHA512: aaa673adb4511d7e4ba5836f6874b047e8c2b31f86e005d46094a47626d23f97d72874307538c451541dbb44905503df2227902e9f4ccffa4d9836981abcd2e6
Static task: static1
Behavioral task: behavioral1
- Sample: 595C00BF9CA4BAA42B4490F2782CF2D3.exe
- Resource: win7v20210408
Malware Config
Targets
- Disables Task Manager via registry modification
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger