General
-
Target
Adobe Photoshop 2022 v23.0.0.36 (x64) Pre-Cracked\Setup\Setup.exe
-
Size
1.6MB
-
Sample
211213-zp7a1afddq
-
MD5
efd9742b88dcd244637fd20e58bf7427
-
SHA1
85b521125ed49818c05c3a0b5ccb51d1770e91f8
-
SHA256
8d49faffc4942c34bffdd584d638e39f528bde1b7c65827aa352dba1e80d5b8c
-
SHA512
0f722e9438bf1fcf8dd04179d49f0f439e39158366cdac0605c87ce751cd1d16fe5bf81fb3afed627d55701a00be01c17ae017295fc95b24502bd4e7c72ff8be
Static task
static1
Behavioral task
behavioral1
Sample
Adobe Photoshop 2022 v23.0.0.36 (x64) Pre-Cracked\Setup\Setup.exe
Resource
win7-en-20211208
Malware Config
Targets
-
-
Target
Adobe Photoshop 2022 v23.0.0.36 (x64) Pre-Cracked\Setup\Setup.exe
-
Size
1.6MB
-
MD5
efd9742b88dcd244637fd20e58bf7427
-
SHA1
85b521125ed49818c05c3a0b5ccb51d1770e91f8
-
SHA256
8d49faffc4942c34bffdd584d638e39f528bde1b7c65827aa352dba1e80d5b8c
-
SHA512
0f722e9438bf1fcf8dd04179d49f0f439e39158366cdac0605c87ce751cd1d16fe5bf81fb3afed627d55701a00be01c17ae017295fc95b24502bd4e7c72ff8be
-
Quasar Payload
-
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-