General
-
Target
ffb90e7e1f65318b6258c545826be7adf0de205b72017b374c6f146b0e5167b6
-
Size
4.1MB
-
Sample
220915-p84n4sdbe3
-
MD5
a8da81df0c849318a012eebefd9337b2
-
SHA1
ed505931bb3e792aca59fc495a22955d11389a90
-
SHA256
ffb90e7e1f65318b6258c545826be7adf0de205b72017b374c6f146b0e5167b6
-
SHA512
059e15aa1ff886b6db2da12fd87ee9776ae9e2037ffe002f63a0ec017159471689a6d6c10b1b602ca77743bff257a3fed4d9aa6ca362c086b309c0f4454ac03e
-
SSDEEP
98304:Y+NaT9aDxW7wRX7o4Ui4iZuFWkaWunDcGj0quXl1EBHNW:ZtDxqwRX7oZi48eZ8noGj0RvERs
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-