General
-
Target
6f79f00b5b13b637dd0506f9b38a4e8f7ff794f04e29b97c65de2e5bbd9342a1
-
Size
4.1MB
-
Sample
220916-lgn8kaahel
-
MD5
52e49163a2285cd0aba60179dd6086b6
-
SHA1
2e2f27900c58b5ecec116f6888b256c6af76a036
-
SHA256
6f79f00b5b13b637dd0506f9b38a4e8f7ff794f04e29b97c65de2e5bbd9342a1
-
SHA512
fce23bcfea0cdbba12ae8d16d191c2119d6ea92e767349391195a1205bd25b00ba5920fb80c22cbd6202ef0f27ac342717edbc4d7a6631c0c4ff633365952288
-
SSDEEP
98304:RuxmlHUSIneztxxftBFq172IlRapa0QYknNjGEQgT9oixA8k:w8l0SIstrtBFq1xl0pl9YhoixAb
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-