General
-
Target
0b6115ac4c1ddfcf850158c103bd4ad8cbb0ce1c2fdd7bd7bfd418202b1ff3cb
-
Size
4.0MB
-
Sample
220921-ffzp1sfba8
-
MD5
d1105e6eabd9e66c9b4118141d908229
-
SHA1
2cc13c9d3ae5429a40b67c5f7c9d713a142354dc
-
SHA256
0b6115ac4c1ddfcf850158c103bd4ad8cbb0ce1c2fdd7bd7bfd418202b1ff3cb
-
SHA512
4b13ec3df90377a969c7c8cfd1e89d43483b7b72a3ec7265fa00c521e3944ce432e6df4afe457df8bf0b417b21e7a1579ac913ca1e440cba2e34b10697586f7e
-
SSDEEP
98304:vHv5apQiK0Rdz7yZnGDcsW9mg5G82ECAyiDHRVL5x7BPo:vP5FidRoJGDXWj5GowiDxVNxdPo
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-