General
-
Target
b9aa35a894523c9e777dee7dc47030ea9e54e462cac1cb771a4d8fc0362a7765
-
Size
4.2MB
-
Sample
220917-hf41vadcar
-
MD5
022dfceded1554b15c5bf3e4b641a9bf
-
SHA1
aa98962a83bfa24730934cda8bb0dc7facae4b92
-
SHA256
b9aa35a894523c9e777dee7dc47030ea9e54e462cac1cb771a4d8fc0362a7765
-
SHA512
60074a8acc67c2e1067513745c04e83988f4ef8230b4d128910e230254c4eae8066ac061c16702bb1197675350f33c425221d7c7371438b98df0ed9b5a756cd4
-
SSDEEP
98304:CTcRoTe2d49zqT6tDak8XHu5W1h3FXj6hLNczJPDDiE2g/il:tCP49g6Zak8ec1BFTSLNczdDe7gQ
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-