General
-
Target
9ba8d4706f99dc717340745ea8e3201ba420b2b84235704919a8d015b1c35ddc
-
Size
4.0MB
-
Sample
220921-qsb5lagdc7
-
MD5
578beb20e4e0525fde11f7dd0bc92fc9
-
SHA1
4aeab6f1d0ac55f2955a10dd7ae0a20b393f0e8d
-
SHA256
9ba8d4706f99dc717340745ea8e3201ba420b2b84235704919a8d015b1c35ddc
-
SHA512
89991b6913c7fd54bd9bdefa4fe241b798a86739e509c50e54707a724fa8fd64acaf495ebaa7942b75a164f8a88dcafcc7c64582f9a6f9650cfcfc76a73ee2b6
-
SSDEEP
98304:bBLuIpvlgJMLxx00ZFtvZjted3/cpXaGqKkRkem06:lDtUCxxPZrZI6
Static task
static1
Malware Config
Targets
-
Target
9ba8d4706f99dc717340745ea8e3201ba420b2b84235704919a8d015b1c35ddc
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-