General
-
Target
0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1
-
Size
4.1MB
-
Sample
220916-knz3zaahbm
-
MD5
895378f2baac103b18f1bd3358b777ca
-
SHA1
21e3c6eb2ce5730d4228458776ab5a461d29fa2e
-
SHA256
0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1
-
SHA512
369c1cc84ae0be6eb816a6554a419324970cacccc04c6f012461a97210c35cad3483fb5c90d235efb4ebc2e87a93ea2eaca063bf8d6f2f125f45956e33a5c445
-
SSDEEP
98304:K+tv1bPP26U//FmOtBhYItEZVS5F7F85BuZgvMx0eg/v2xy:nv1P3UF1SV4Fy5Bmg5egZ
Static task
static1
Malware Config
Targets
-
-
Target
0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-